Solved Bad Image virus on Dell Windows XP

[Quadrinity]

My AVG re-install won't recognize my serial number so now what do I do?

 

[Quadrinity]

My computer is really slow.

Here's the scan from AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 21:48:20
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Moira - MOIRA-9AEF92C25
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\3P4RLZGD\adwcleaner[3].exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : CltMngSvc
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Deleted on reboot : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\WebSearch.xml
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\Moira\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Moira\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\CT3176921
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\CT3289847
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\jetpack
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\Smartbar
Folder Deleted : C:\Documents and Settings\Moira\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Moira\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Moira\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\express-files
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\express-files
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\express-files
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\WebSearch
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\express-files
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3176921
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\express-files
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0CDADDB9-0FBC-47BD-953E-505F8CF644D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52CA0E4A-9062-499A-8883-7F951FA99554}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\express-files Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\express-files Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/17&hid=276928473&lg=EN&cc=CA --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\prefs.js
Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3176921.FF19Solved", "true");
Deleted : user_pref("CT3176921.FirstTime", "true");
Deleted : user_pref("CT3176921.FirstTimeFF3", "true");
Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3176921.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3176921.SF_USER_ID.enc", "Y2lkXzE5MzIwMTMxODEzMTU2OTcyNQ==");
Deleted : user_pref("CT3176921.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT317[...]
Deleted : user_pref("CT3176921.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3176921.UserID", "UN10525569133264075");
Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3176921.autoDisableScopes", -1);
Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3176921.cb_experience_000.enc", "MzI=");
Deleted : user_pref("CT3176921.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3176921.cb_user_id_000.enc", "Q0IzMjYyNDI4OTgzNzNfMTM2Mzc0MTI1NDgwMl9GaXJlZm94");
Deleted : user_pref("CT3176921.cbfirsttime.enc", "VHVlIE1hciAxOSAyMDEzIDIwOjAwOjU0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3176921.defaultSearch", "true");
Deleted : user_pref("CT3176921.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3176921.enableAlerts", "always");
Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3176921.fixUrls", true);
Deleted : user_pref("CT3176921.homepageuserchanged", true);
Deleted : user_pref("CT3176921.installDate", "17/3/2013 13:37:14");
Deleted : user_pref("CT3176921.installId", "stub.exe");
Deleted : user_pref("CT3176921.installType", "conduitnsisintegration");
Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3176921.keyword", "true");
Deleted : user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3176921.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3176921.mam_gk_WindowShopper_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appStateReportTime.enc", "MTM3MDkxNTIwMjA3NQ==");
Deleted : user_pref("CT3176921.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3176921.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3176921.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3176921.mam_gk_currentBadgeValue.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3176921.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_lastLoginTime.enc", "MTM3MDkxNTE5ODI2MA==");
Deleted : user_pref("CT3176921.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3176921.mam_gk_newApps.enc", "W3siaWQiOiJFYXN5dG9ib29rIiwibmFtZSI6IkVhc3l0b2Jvb2siLCJkZ[...]
Deleted : user_pref("CT3176921.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3176921.mam_gk_userId.enc", "NzEwMjkwYWQtNzg5Yi00OWI2LWFlOTEtZWE1NzM0MTc0ZWY5");
Deleted : user_pref("CT3176921.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);
Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3176921.openThankYouPage", "false");
Deleted : user_pref("CT3176921.openUninstallPage", "true");
Deleted : user_pref("CT3176921.originalSearchAddressUrl", "");
Deleted : user_pref("CT3176921.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");
Deleted : user_pref("CT3176921.search.searchAppId", "10000002");
Deleted : user_pref("CT3176921.search.searchCount", "0");
Deleted : user_pref("CT3176921.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370473684992");
Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1370915241946");
Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370473685644");
Deleted : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1370915276813");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.65.43_lastUpdate", "1366414032287");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370915265111");
Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370473685395");
Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1370915268929");
Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1370915263420");
Deleted : user_pref("CT3176921.serviceLayer_services_setupAPI_lastUpdate", "1366414037839");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370473685471");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1370915241756");
Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1370915264539");
Deleted : user_pref("CT3176921.settingsINI", true);
Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3176921.showToolbarPermission", "false");
Deleted : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Deleted : user_pref("CT3176921.smartbar.Uninstall", "0");
Deleted : user_pref("CT3176921.smartbar.homepage", true);
Deleted : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Deleted : user_pref("CT3176921.startPage", "true");
Deleted : user_pref("CT3176921.toolbarBornServerTime", "17-3-2013");
Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "11-6-2013");
Deleted : user_pref("CT3176921.toolbarLoginClientTime", "Sat Jun 01 2013 16:03:17 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3176921.url_history0001.enc", "aHR0cDovL3d3dy50YXJnZXQuY2EvZW4vd2hhdHNpbnN0b3JlL2dyb2Nl[...]
Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description[...]
Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.FirstTime", "true");
Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI4NDIwMTMxNzIwNTQzMTY1OTEy");
Deleted : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3289847.UserID", "UN39204315761925123");
Deleted : user_pref("CT3289847.UserId.enc", "MGE1YzY0OWEtNzYxZi04NjY2LWY5MzAtZmE0MzE0OTE1YzRk");
Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289847.autoDisableScopes", -1);
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.cb_experience_000.enc", "NTU=");
Deleted : user_pref("CT3289847.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3289847.cb_user_id_000.enc", "Q0I2NTI5MjAwNDYwNjZfMTM2Mzc0MTI1NDM3NF9GaXJlZm94");
Deleted : user_pref("CT3289847.cbfirsttime.enc", "VHVlIE1hciAxOSAyMDEzIDIwOjAwOjU0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3289847.defaultSearch", "true");
Deleted : user_pref("CT3289847.enableAlerts", "true");
Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289847.first_time_search.enc", "MQ==");
Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289847.fixUrls", true);
Deleted : user_pref("CT3289847.homepageuserchanged", true);
Deleted : user_pref("CT3289847.hxxp___api15_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api16_similarsites_com.pid2.enc", "MmM0N2YzNzk1ZDhmZjFkMg==");
Deleted : user_pref("CT3289847.hxxp___api18_similarsites_com.pid2.enc", "MmM0N2YzNzk1ZDhmZjFkMg==");
Deleted : user_pref("CT3289847.hxxp___api18_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api19_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api20_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api21_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api22_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api25_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api26_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api28_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "ZDA0ZGI2NDYtNWNkZC1jY2EzLWM3MmYtNGY3OTI[...]
Deleted : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "OTU1NDBjYWQtNzg3Yy03ZDkwLWYyM2EtNGM1N2U[...]
Deleted : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "MmI5OTBmNGItMzNjMi1iZmQ2LTA3NmItNjExNzh[...]
Deleted : user_pref("CT3289847.hxxp___api6_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPXllcy[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTN[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7In[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "MGE1YzY0OWEtNzYxZi04NjY2LW[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Deleted : user_pref("CT3289847.installDate", "17/3/2013 13:40:51");
Deleted : user_pref("CT3289847.installId", "9818");
Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Deleted : user_pref("CT3289847.installerVersion", "1.3.6.5");
Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3289847.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3289847.mam_gk_Coming_Up_Next_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_Easytobook_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_Easytobook_targeted_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM3MDkxNTIwMjI2Mg==");
Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_Easytobook.enc", "b2Zm");
Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI3N2ExMTEyNi02ZGM4LTQyMGYtYjNkYS05NmEyZGVkZWViM2YiO[...]
Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM3MDkxNTE5ODI4Mg==");
Deleted : user_pref("CT3289847.mam_gk_lastSettingsOpen.enc", "eyJzZXR0aW5nc1BhZ2VGdWxsVXJsIjoiaHR0cDovL2FwcC5t[...]
Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_userId.enc", "MDExZDQ0ODItNTNmYy00NDY5LTkxNDQtZWRhNTk5NThlMDVl");
Deleted : user_pref("CT3289847.mam_gk_user_approval_interacted.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3289847.openThankYouPage", "false");
Deleted : user_pref("CT3289847.openUninstallPage", "true");
Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");
Deleted : user_pref("CT3289847.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Deleted : user_pref("CT3289847.sac-country-code.enc", "IkNBIg==");
Deleted : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2MzYwODgzNDY5OSwxNDQwMDAwMF1[...]
Deleted : user_pref("CT3289847.sac-url-user.enc", "IiI=");
Deleted : user_pref("CT3289847.sac-user-ab-groups.enc", "eyJmZWVkIjo3MCwiaG92ZXJfZWZmZWN0IjoxNCwiY2FsbF90b19hY[...]
Deleted : user_pref("CT3289847.sac-user-id.enc", "ImZiNjhlMTM0LWMyODMtNGRiNy04NTZhLTM4MTIxNDdlNTA4ZiI=");
Deleted : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2MzU0ODM3ODEyMg==");
Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Deleted : user_pref("CT3289847.search.searchCount", "0");
Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370736698858");
Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1370993529692");
Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370736699044");
Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1370915278744");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1366414028638");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370915271055");
Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370736699153");
Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1370915275503");
Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1370915269141");
Deleted : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1366414030954");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370736699301");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1370993515573");
Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1370915274213");
Deleted : user_pref("CT3289847.settingsINI", true);
Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289847.showToolbarPermission", "false");
Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289847.smartbar.homepage", true);
Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Deleted : user_pref("CT3289847.startPage", "true");
Deleted : user_pref("CT3289847.toolbarBornServerTime", "17-3-2013");
Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "11-6-2013");
Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Mon Jun 03 2013 06:24:10 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy50YXJnZXQuY2EvZW4vd2hhdHNpbnN0b3JlL2dyb2Nl[...]
Deleted : user_pref("CT3289847.wreck-country-code.enc", "IkNBIg==");
Deleted : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYzNjA4ODI4OTU5LDE0NDAwM[...]
Deleted : user_pref("CT3289847.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjk2LCJ0cmlnZ2VyIjo3NSwiaG92ZXJfZWZmZWN[...]
Deleted : user_pref("CT3289847.wreck-user-id.enc", "ImIzMzY2NjhlLWE3OTItNDE2OS1hYTk3LTIxNGMyYzUwYThhYyI=");
Deleted : user_pref("CT3289847.ytt-mam-test-ol-ts.enc", 2104201828);
Deleted : user_pref("CT3289847.ytt-mam-test-uid-ol.enc", "OWNiMjA3MzgtZjdhOC00ZTMzLTkwM2MtMDA2YzUzMjU4MmEw");
Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT328984[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/17&hid=2[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3176921");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3176921");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "WADPL5FUN0TD9BF/SDAZRFGOZVZ/CYGLHXZSMJCPFPMM3K5DYVJUPIHXML2SWAD8S1/[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.yahoo.ca");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : urls_to_restore_on_startup ={"browser":{"last_known_google_url":"hxxp://www.google.ca/","last_prompted_google_url":"hxxp://www.g[...]
*************************
AdwCleaner[S1].txt - [35875 octets] - [12/06/2013 21:48:20]
########## EOF - C:\AdwCleaner[S1].txt - [35936 octets] ##########

 

[Quadrinity]

Here's the junkware report:

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 21:48:20
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Moira - MOIRA-9AEF92C25
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\3P4RLZGD\adwcleaner[3].exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : CltMngSvc
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Deleted on reboot : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\searchplugins\WebSearch.xml
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\Moira\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Moira\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\CT3176921
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\CT3289847
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\jetpack
Folder Deleted : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\Smartbar
Folder Deleted : C:\Documents and Settings\Moira\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Moira\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Moira\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\express-files
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Moira\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\express-files
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\express-files
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\WebSearch
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\express-files
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3176921
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\express-files
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0CDADDB9-0FBC-47BD-953E-505F8CF644D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52CA0E4A-9062-499A-8883-7F951FA99554}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\express-files Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88AC3CB6-596B-4217-964C-B6757EF9602D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AD1455F-5ACB-4A56-80AD-A1EDD5A2174B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\express-files Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88AC3CB6-596B-4217-964C-B6757EF9602D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/17&hid=276928473&lg=EN&cc=CA --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\prefs.js
Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3176921.FF19Solved", "true");
Deleted : user_pref("CT3176921.FirstTime", "true");
Deleted : user_pref("CT3176921.FirstTimeFF3", "true");
Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3176921.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3176921.SF_USER_ID.enc", "Y2lkXzE5MzIwMTMxODEzMTU2OTcyNQ==");
Deleted : user_pref("CT3176921.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT317[...]
Deleted : user_pref("CT3176921.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3176921.UserID", "UN10525569133264075");
Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3176921.autoDisableScopes", -1);
Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3176921.cb_experience_000.enc", "MzI=");
Deleted : user_pref("CT3176921.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3176921.cb_user_id_000.enc", "Q0IzMjYyNDI4OTgzNzNfMTM2Mzc0MTI1NDgwMl9GaXJlZm94");
Deleted : user_pref("CT3176921.cbfirsttime.enc", "VHVlIE1hciAxOSAyMDEzIDIwOjAwOjU0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3176921.defaultSearch", "true");
Deleted : user_pref("CT3176921.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3176921.enableAlerts", "always");
Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3176921.fixUrls", true);
Deleted : user_pref("CT3176921.homepageuserchanged", true);
Deleted : user_pref("CT3176921.installDate", "17/3/2013 13:37:14");
Deleted : user_pref("CT3176921.installId", "stub.exe");
Deleted : user_pref("CT3176921.installType", "conduitnsisintegration");
Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3176921.keyword", "true");
Deleted : user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3176921.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3176921.mam_gk_WindowShopper_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appStateReportTime.enc", "MTM3MDkxNTIwMjA3NQ==");
Deleted : user_pref("CT3176921.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3176921.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3176921.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3176921.mam_gk_currentBadgeValue.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3176921.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_lastLoginTime.enc", "MTM3MDkxNTE5ODI2MA==");
Deleted : user_pref("CT3176921.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3176921.mam_gk_newApps.enc", "W3siaWQiOiJFYXN5dG9ib29rIiwibmFtZSI6IkVhc3l0b2Jvb2siLCJkZ[...]
Deleted : user_pref("CT3176921.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3176921.mam_gk_userId.enc", "NzEwMjkwYWQtNzg5Yi00OWI2LWFlOTEtZWE1NzM0MTc0ZWY5");
Deleted : user_pref("CT3176921.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);
Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3176921.openThankYouPage", "false");
Deleted : user_pref("CT3176921.openUninstallPage", "true");
Deleted : user_pref("CT3176921.originalSearchAddressUrl", "");
Deleted : user_pref("CT3176921.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");
Deleted : user_pref("CT3176921.search.searchAppId", "10000002");
Deleted : user_pref("CT3176921.search.searchCount", "0");
Deleted : user_pref("CT3176921.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370473684992");
Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1370915241946");
Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370473685644");
Deleted : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1370915276813");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.65.43_lastUpdate", "1366414032287");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370915265111");
Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370473685395");
Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1370915268929");
Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1370915263420");
Deleted : user_pref("CT3176921.serviceLayer_services_setupAPI_lastUpdate", "1366414037839");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370473685471");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1370915241756");
Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1370915264539");
Deleted : user_pref("CT3176921.settingsINI", true);
Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3176921.showToolbarPermission", "false");
Deleted : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Deleted : user_pref("CT3176921.smartbar.Uninstall", "0");
Deleted : user_pref("CT3176921.smartbar.homepage", true);
Deleted : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Deleted : user_pref("CT3176921.startPage", "true");
Deleted : user_pref("CT3176921.toolbarBornServerTime", "17-3-2013");
Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "11-6-2013");
Deleted : user_pref("CT3176921.toolbarLoginClientTime", "Sat Jun 01 2013 16:03:17 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3176921.url_history0001.enc", "aHR0cDovL3d3dy50YXJnZXQuY2EvZW4vd2hhdHNpbnN0b3JlL2dyb2Nl[...]
Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description[...]
Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.FirstTime", "true");
Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI4NDIwMTMxNzIwNTQzMTY1OTEy");
Deleted : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3289847.UserID", "UN39204315761925123");
Deleted : user_pref("CT3289847.UserId.enc", "MGE1YzY0OWEtNzYxZi04NjY2LWY5MzAtZmE0MzE0OTE1YzRk");
Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289847.autoDisableScopes", -1);
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.cb_experience_000.enc", "NTU=");
Deleted : user_pref("CT3289847.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3289847.cb_user_id_000.enc", "Q0I2NTI5MjAwNDYwNjZfMTM2Mzc0MTI1NDM3NF9GaXJlZm94");
Deleted : user_pref("CT3289847.cbfirsttime.enc", "VHVlIE1hciAxOSAyMDEzIDIwOjAwOjU0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3289847.defaultSearch", "true");
Deleted : user_pref("CT3289847.enableAlerts", "true");
Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289847.first_time_search.enc", "MQ==");
Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289847.fixUrls", true);
Deleted : user_pref("CT3289847.homepageuserchanged", true);
Deleted : user_pref("CT3289847.hxxp___api15_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api16_similarsites_com.pid2.enc", "MmM0N2YzNzk1ZDhmZjFkMg==");
Deleted : user_pref("CT3289847.hxxp___api18_similarsites_com.pid2.enc", "MmM0N2YzNzk1ZDhmZjFkMg==");
Deleted : user_pref("CT3289847.hxxp___api18_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api19_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api20_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api21_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api22_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api25_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api26_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api28_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "ZDA0ZGI2NDYtNWNkZC1jY2EzLWM3MmYtNGY3OTI[...]
Deleted : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "OTU1NDBjYWQtNzg3Yy03ZDkwLWYyM2EtNGM1N2U[...]
Deleted : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "MmI5OTBmNGItMzNjMi1iZmQ2LTA3NmItNjExNzh[...]
Deleted : user_pref("CT3289847.hxxp___api6_starwebnet_com.pid2.enc", "Y2E5NTI3OTcwNTI0MzUxYQ==");
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPXllcy[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache.enc", "WyJjODIyYzFiNjM4NTN[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOlt7In[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "MGE1YzY0OWEtNzYxZi04NjY2LW[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Deleted : user_pref("CT3289847.installDate", "17/3/2013 13:40:51");
Deleted : user_pref("CT3289847.installId", "9818");
Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Deleted : user_pref("CT3289847.installerVersion", "1.3.6.5");
Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3289847.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3289847.mam_gk_Coming_Up_Next_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_Easytobook_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_Easytobook_targeted_appState.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM3MDkxNTIwMjI2Mg==");
Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_Easytobook.enc", "b2Zm");
Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI3N2ExMTEyNi02ZGM4LTQyMGYtYjNkYS05NmEyZGVkZWViM2YiO[...]
Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM3MDkxNTE5ODI4Mg==");
Deleted : user_pref("CT3289847.mam_gk_lastSettingsOpen.enc", "eyJzZXR0aW5nc1BhZ2VGdWxsVXJsIjoiaHR0cDovL2FwcC5t[...]
Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_userId.enc", "MDExZDQ0ODItNTNmYy00NDY5LTkxNDQtZWRhNTk5NThlMDVl");
Deleted : user_pref("CT3289847.mam_gk_user_approval_interacted.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3289847.openThankYouPage", "false");
Deleted : user_pref("CT3289847.openUninstallPage", "true");
Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");
Deleted : user_pref("CT3289847.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Deleted : user_pref("CT3289847.sac-country-code.enc", "IkNBIg==");
Deleted : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2MzYwODgzNDY5OSwxNDQwMDAwMF1[...]
Deleted : user_pref("CT3289847.sac-url-user.enc", "IiI=");
Deleted : user_pref("CT3289847.sac-user-ab-groups.enc", "eyJmZWVkIjo3MCwiaG92ZXJfZWZmZWN0IjoxNCwiY2FsbF90b19hY[...]
Deleted : user_pref("CT3289847.sac-user-id.enc", "ImZiNjhlMTM0LWMyODMtNGRiNy04NTZhLTM4MTIxNDdlNTA4ZiI=");
Deleted : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2MzU0ODM3ODEyMg==");
Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Deleted : user_pref("CT3289847.search.searchCount", "0");
Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370736698858");
Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1370993529692");
Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370736699044");
Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1370915278744");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1366414028638");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370915271055");
Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370736699153");
Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1370915275503");
Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1370915269141");
Deleted : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1366414030954");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370736699301");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1370993515573");
Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1370915274213");
Deleted : user_pref("CT3289847.settingsINI", true);
Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289847.showToolbarPermission", "false");
Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289847.smartbar.homepage", true);
Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Deleted : user_pref("CT3289847.startPage", "true");
Deleted : user_pref("CT3289847.toolbarBornServerTime", "17-3-2013");
Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "11-6-2013");
Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Mon Jun 03 2013 06:24:10 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy50YXJnZXQuY2EvZW4vd2hhdHNpbnN0b3JlL2dyb2Nl[...]
Deleted : user_pref("CT3289847.wreck-country-code.enc", "IkNBIg==");
Deleted : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzYzNjA4ODI4OTU5LDE0NDAwM[...]
Deleted : user_pref("CT3289847.wreck-user-ab-groups.enc", "eyJkZXNpZ24iOjk2LCJ0cmlnZ2VyIjo3NSwiaG92ZXJfZWZmZWN[...]
Deleted : user_pref("CT3289847.wreck-user-id.enc", "ImIzMzY2NjhlLWE3OTItNDE2OS1hYTk3LTIxNGMyYzUwYThhYyI=");
Deleted : user_pref("CT3289847.ytt-mam-test-ol-ts.enc", 2104201828);
Deleted : user_pref("CT3289847.ytt-mam-test-uid-ol.enc", "OWNiMjA3MzgtZjdhOC00ZTMzLTkwM2MtMDA2YzUzMjU4MmEw");
Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT328984[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/17&hid=2[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3176921");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3176921");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "WADPL5FUN0TD9BF/SDAZRFGOZVZ/CYGLHXZSMJCPFPMM3K5DYVJUPIHXML2SWAD8S1/[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.yahoo.ca");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : urls_to_restore_on_startup ={"browser":{"last_known_google_url":"hxxp://www.google.ca/","last_prompted_google_url":"hxxp://www.g[...]
*************************
AdwCleaner[S1].txt - [35875 octets] - [12/06/2013 21:48:20]
########## EOF - C:\AdwCleaner[S1].txt - [35936 octets] ##########

 

[Quadrinity]

This is Extras.txt:

OTL Extras logfile created on: 6/12/2013 10:09:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Moira\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.96% Memory free
3.33 Gb Paging File | 2.47 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.43 Gb Total Space | 5.26 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 265.83 Gb Free Space | 57.07% Space Free | Partition Type: NTFS

Computer Name: MOIRA-9AEF92C25 | User Name: Moira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"15739:TCP" = 15739:TCP:*:Enabled:BitComet 15739 TCP
"15739:UDP" = 15739:UDP:*:Enabled:BitComet 15739 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet -- (www.BitComet.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79692C8F-FB12-4B46-9F6A-D9A11B8951E9}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8530 smartphone
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8506C2FE-C642-4375-8E8B-E9874CA942AC}" = FileCleaner
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0DB63F5-0936-41D2-B400-89707218FAAC}" = Memeo LifeAgent Explorer Extension
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitComet" = BitComet 1.31
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"FrostWire" = FrostWire 4.21.8
"FrostWire 5" = FrostWire 5.5.5
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel(R) PROSet/Wireless Software
"RSX2Uninst" = Intel RSX 3D
"SP_48c708f2" = BrowseToSave 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E002314-9999-4402-9823-1CB9E6098849}_is1" = Shopping InContext
"UnityWebPlayer" = Unity Web Player
"WeatherEye" = WeatherEye

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2013 7:26:19 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application BitComet.exe, version 1.31.12.12, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2013 7:34:56 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 20.0.1.4847, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2013 7:46:59 PM | Computer Name = MOIRA-9AEF92C25 | Source = Microsoft Office 14 | ID = 1000
Description = Faulting application outlook.exe, version 14.0.4734.1000, stamp 4b58fdfa,
faulting module msvcr90.dll, version 9.0.30729.6161, stamp 4dace5b9, debug? 0,
fault address 0x0003ae7a.

Error - 6/11/2013 9:13:18 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2013 9:13:18 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/11/2013 10:10:31 PM | Computer Name = MOIRA-9AEF92C25 | Source = Microsoft Office 14 | ID = 1000
Description = Faulting application outlook.exe, version 14.0.4734.1000, stamp 4b58fdfa,
faulting module msvcr90.dll, version 9.0.30729.6161, stamp 4dace5b9, debug? 0,
fault address 0x0003ae7a.

Error - 6/12/2013 7:13:49 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application DrWiFi.exe, version 11.1.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2013 10:40:51 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2013 10:41:01 PM | Computer Name = MOIRA-9AEF92C25 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/12/2013 10:48:20 PM | Computer Name = MOIRA-9AEF92C25 | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 6/11/2013 8:16:05 AM | Computer Name = MOIRA-9AEF92C25 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 6/11/2013 6:09:05 PM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 6/11/2013 6:10:18 PM | Computer Name = MOIRA-9AEF92C25 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 6/11/2013 9:41:26 PM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 6/11/2013 10:16:47 PM | Computer Name = MOIRA-9AEF92C25 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/12/2013 7:48:04 AM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 6/12/2013 4:36:04 PM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 6/12/2013 7:24:16 PM | Computer Name = MOIRA-9AEF92C25 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/12/2013 10:30:13 PM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.

Error - 6/12/2013 10:50:34 PM | Computer Name = MOIRA-9AEF92C25 | Source = Print | ID = 23
Description = Printer Corel Barista failed to initialize because a suitable Corel
Barista driver could not be found.


< End of report >

 

[Quadrinity]

The OTL. txt is more than 50,000 characters:

Here's part 1:
OTL logfile created on: 6/12/2013 10:09:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Moira\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.96% Memory free
3.33 Gb Paging File | 2.47 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.43 Gb Total Space | 5.26 Gb Free Space | 7.37% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 265.83 Gb Free Space | 57.07% Space Free | Partition Type: NTFS

Computer Name: MOIRA-9AEF92C25 | User Name: Moira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 22:01:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moira\Desktop\OTL.exe
PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/12/12 05:08:06 | 011,761,456 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/04/22 19:50:22 | 000,085,784 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackupPro\MemeoUpdater.exe
PRC - [2010/04/22 19:49:40 | 001,479,904 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackup.exe
PRC - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 21:11:42 | 015,895,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/01/16 09:54:08 | 000,717,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/02/21 13:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 13:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 13:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 13:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [1998/04/14 03:00:00 | 000,202,240 | ---- | M] (Corel Corporation Limited) -- C:\Corel\Suite8\Programs\DAD8.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/16 18:43:30 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\de05efc01b3df13dfa787f3362f1ec26\System.Xml.Linq.ni.dll
MOD - [2013/05/16 17:04:28 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/16 07:35:12 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/15 21:58:45 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/05/15 21:58:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/05/15 21:54:11 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\655c70628497117a1008510a401f84d3\PresentationFramework.ni.dll
MOD - [2013/05/15 21:53:43 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\6fcb023855a4670d86e80ac4744b0efe\PresentationCore.ni.dll
MOD - [2013/05/15 21:53:22 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0eef0fa73253bcea73885b6912c5433\WindowsBase.ni.dll
MOD - [2013/05/15 21:52:56 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\261b2323f46266bf9039ebc350ef466a\System.Windows.Forms.ni.dll
MOD - [2013/05/15 21:52:38 | 000,742,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\536eaae9a4c908cf22279abc73764029\System.Security.ni.dll
MOD - [2013/05/15 21:52:33 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\347f5b43b525120fe2f33d92d75337f2\System.Core.ni.dll
MOD - [2013/02/13 08:58:13 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/13 08:57:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 08:56:48 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/10 18:06:54 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013/01/09 22:46:55 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/09 21:31:03 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/09 18:37:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 18:36:53 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 18:36:02 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013/01/09 18:32:17 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 18:31:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 08:53:36 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll
MOD - [2013/01/09 08:53:28 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/09 08:52:42 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/09 08:51:45 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/09 08:51:32 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/11/16 21:40:30 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.DSOFile\2.1.0.0__63b82a8957e80a37\Interop.DSOFile.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/04/22 19:49:56 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackupPro\Memeo.Client.UI.dll
MOD - [2010/04/22 19:49:52 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackupPro\Memeo.Client.DriveDetection.dll
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackupPro\sqlite3.dll
MOD - [2010/01/21 01:47:32 | 000,122,720 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/10/29 21:49:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp
MOD - [2007/03/16 20:10:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/02/21 13:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/17 18:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [1998/04/14 03:00:00 | 000,581,632 | ---- | M] () -- C:\Corel\Suite8\Shared\IDAPI\IDAPI32.DLL
MOD - [1998/04/14 03:00:00 | 000,350,720 | ---- | M] () -- C:\Corel\Suite8\Shared\IDAPI\BLW32.DLL
MOD - [1998/04/14 03:00:00 | 000,255,488 | ---- | M] () -- C:\Corel\Suite8\Shared\IDAPI\IDPDX32.DLL
MOD - [1998/04/14 03:00:00 | 000,114,176 | ---- | M] () -- C:\Corel\Suite8\Shared\IDAPI\IDR20009.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/11 19:07:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/17 18:01:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/02/21 13:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\apps\PC Wizard\pcwiz_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Moira\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/10/07 12:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/12/18 13:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007/02/21 13:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 15:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005/09/28 20:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/15 20:53:12 | 000,271,704 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/06/17 16:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 17:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0597D131-0C01-44CA-A1EA-A1B2DD877B3A}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/news/index.html
IE - HKCU\..\SearchScopes,DefaultScope = {0597D131-0C01-44CA-A1EA-A1B2DD877B3A}
IE - HKCU\..\SearchScopes\{0597D131-0C01-44CA-A1EA-A1B2DD877B3A}: "URL" = http://www.google.ca/search?q={sear...putEncoding}&sourceid=ie7&rlz=1I7GZAG_enCA439
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.ca"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - prefs.js..extensions.enabledAddons: %7B88ac3cb6-596b-4217-964c-b6757ef9602d%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7B739df940-c5ee-4bab-9d7e-270894ae687a%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Moira\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/15 20:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/15 19:42:19 | 000,000,000 | ---D | M]

[2012/01/25 20:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moira\Application Data\Mozilla\Extensions
[2013/06/12 21:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions
[2012/02/23 22:41:10 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2013/03/17 14:45:03 | 000,000,000 | ---D | M] (Browyse2Saave) -- C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\ltdqo@rmqu.org
[2013/03/17 14:45:01 | 000,000,000 | ---D | M] (SSEyaarch-NNewTaab) -- C:\Documents and Settings\Moira\Application Data\Mozilla\Firefox\Profiles\v0hi8m7e.default\extensions\oaeiaeiiai@ddvkhai.co.uk
[2013/04/17 18:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/17 18:00:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\12.2.5.4\
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\15.2.0.5
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOIRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V0HI8M7E.DEFAULT\EXTENSIONS\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOIRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V0HI8M7E.DEFAULT\EXTENSIONS\{88AC3CB6-596B-4217-964C-B6757EF9602D}
[2011/07/06 16:33:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/04/17 18:01:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/03 01:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013/03/07 09:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 09:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifpnpclncngggbdnimnipnkdbcmnlbmc\1\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Documents and Settings\Moira\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppjofjpakndjblplhpfhhfbkmbhomnek\1\

O1 HOSTS File: ([2013/06/12 18:34:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE (Corel Corporation Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Moira\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1370906202875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.5 142.165.21.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64C1928F-95F8-46A0-A2AE-587A3EC4E093}: DhcpNameServer = 142.165.200.5 142.165.21.5
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Moira\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Moira\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/22 03:35:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

[Quadrinity]

Here is part 2:

========== Files/Folders - Created Within 30 Days ==========

[2013/06/12 22:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/12 22:04:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/12 22:01:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moira\Desktop\OTL.exe
[2013/06/12 22:00:35 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Moira\Desktop\JRT.exe
[2013/06/12 18:43:50 | 175,574,776 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Moira\Desktop\avg_ipw_x86_all_2011_1432a5712.exe
[2013/06/12 18:19:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/06/12 18:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moira\Application Data\TuneUp Software
[2013/06/11 21:12:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/06/11 21:10:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/11 21:10:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/11 21:10:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/11 21:10:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/11 21:05:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/11 21:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/11 21:02:02 | 005,079,370 | R--- | C] (Swearware) -- C:\Documents and Settings\Moira\Desktop\ComboFix.exe
[2013/06/11 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moira\Desktop\Bad Image Virus
[2013/06/11 18:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/06/10 21:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Moira\Start Menu\Programs\Administrative Tools
[2013/06/10 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 12:03:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/10 12:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/10 11:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moira\Application Data\Foresight Software
[2013/06/10 11:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Foresight Software
[2013/06/09 21:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moira\Application Data\RegistryTool
[2013/06/09 21:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryTool
[2013/06/02 21:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2013/05/23 21:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/05/23 21:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/12 22:13:13 | 000,779,264 | ---- | M] () -- C:\Documents and Settings\Moira\Desktop\Moiras Contacts.pst
[2013/06/12 22:09:45 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/06/12 22:06:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/12 22:01:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moira\Desktop\OTL.exe
[2013/06/12 22:00:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Moira\Desktop\JRT.exe
[2013/06/12 21:50:36 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/12 21:50:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/12 19:03:46 | 175,574,776 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Moira\Desktop\avg_ipw_x86_all_2011_1432a5712.exe
[2013/06/12 18:47:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/12 18:34:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/12 18:22:29 | 005,079,370 | R--- | M] (Swearware) -- C:\Documents and Settings\Moira\Desktop\ComboFix.exe
[2013/06/12 18:20:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/12 18:13:34 | 000,303,722 | ---- | M] () -- C:\Documents and Settings\Moira\Desktop\AVGInstLog.cab
[2013/06/12 08:14:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F0BECA1-A2DF-4E7E-AB94-3CC74FB35C1E}.job
[2013/06/11 21:12:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/11 20:26:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/11 19:32:48 | 000,518,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/11 19:32:47 | 000,092,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/03 23:52:15 | 000,007,444 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013/06/02 22:08:29 | 000,013,785 | ---- | M] () -- C:\ads_err.adt
[2013/06/02 22:05:26 | 000,003,072 | ---- | M] () -- C:\ads_err.adi
[2013/06/02 22:05:25 | 000,004,559 | ---- | M] () -- C:\ads_err.adm
[2013/06/02 22:04:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/06/02 21:30:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/06/02 21:27:29 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2013/05/25 21:25:11 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\Moira\My Documents\spider.sav
[2013/05/23 21:51:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/05/23 21:03:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/16 06:58:28 | 000,524,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/12 18:13:34 | 000,303,722 | ---- | C] () -- C:\Documents and Settings\Moira\Desktop\AVGInstLog.cab
[2013/06/11 21:12:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/06/11 21:12:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/06/11 21:10:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/11 21:10:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/11 21:10:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/11 21:10:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/11 21:10:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/06/03 23:52:15 | 000,007,444 | ---- | C] () -- C:\WirelessDiagLog.csv
[2013/06/02 22:55:07 | 001,324,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/06/02 22:05:07 | 000,013,785 | ---- | C] () -- C:\ads_err.adt
[2013/06/02 22:05:07 | 000,004,559 | ---- | C] () -- C:\ads_err.adm
[2013/06/02 22:05:07 | 000,003,072 | ---- | C] () -- C:\ads_err.adi
[2013/06/02 22:04:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/06/02 21:30:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/05/23 21:51:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/01/04 21:59:41 | 000,110,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/08/25 22:59:15 | 001,329,388 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1229272821-839522115-1004-0.dat
[2012/08/25 22:59:03 | 000,420,886 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/14 18:31:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/15 19:48:59 | 000,038,471 | ---- | C] () -- C:\Documents and Settings\Moira\Application Data\Comma Separated Values (DOS).ADR
[2011/08/25 20:17:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2011/07/23 16:53:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Moira\CD
[2011/07/06 06:11:12 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Moira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 21:52:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/06/23 20:37:36 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/06/23 20:37:36 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/06/23 20:37:36 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/06/23 20:37:36 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/06/23 20:37:36 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/06/23 20:37:36 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/06/23 20:37:36 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/06/23 20:37:36 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/06/23 20:37:36 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/06/23 20:37:36 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/06/23 20:37:36 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/06/23 20:37:36 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/06/23 20:37:36 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/06/23 20:37:36 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/06/23 20:37:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/06/23 20:37:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/06/20 18:25:20 | 000,000,598 | ---- | C] () -- C:\WINDOWS\csreg.dat
[2011/05/26 04:36:10 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\Moira\Application Data\Comma Separated Values (Windows).ADR
[2011/05/26 04:36:10 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Moira\Application Data\Microsoft Excel.ADR

========== ZeroAccess Check ==========

[2011/07/04 21:24:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/23 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/05/27 02:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2013/06/12 21:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/10 21:02:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/10 11:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Foresight Software
[2012/07/28 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2011/07/04 21:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2013/06/12 21:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/06 00:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/09/11 11:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2011/06/27 21:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/16 14:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\AVG
[2013/06/12 22:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\BitComet
[2011/07/05 22:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Blackberry Desktop
[2011/05/26 04:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Costco Photo Viewer CA-EN
[2011/05/26 04:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\DIMAGE
[2011/06/23 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Easy Duplicate Finder
[2012/03/04 18:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\eBookPro6
[2013/04/27 09:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\FileCleaner
[2013/06/10 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Foresight Software
[2013/05/30 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\FrostWire
[2012/08/25 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\GARMIN
[2011/05/26 04:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Image Zone Express
[2011/05/26 04:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Leadertech
[2011/05/26 04:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\LimeWire
[2012/08/14 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Memeo
[2011/08/22 07:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Panasonic
[2013/06/09 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\RegistryTool
[2011/07/06 06:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Research In Motion
[2011/07/04 21:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Seagate
[2011/05/25 06:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\SystemRequirementsLab
[2013/06/12 18:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\TuneUp Software
[2011/07/15 22:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\TuneUpMedia
[2011/06/09 06:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Windows Desktop Search
[2011/06/20 18:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\Windows Search

========== Purity Check ==========


< End of report >
I still have no AVG , unless I download the free version.

 

[Broni]

You can always contact AVG but meanwhile...
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\apps\PC Wizard\pcwiz_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Moira\LOCALS~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\12.2.5.4\
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\15.2.0.5
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOIRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V0HI8M7E.DEFAULT\EXTENSIONS\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOIRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\V0HI8M7E.DEFAULT\EXTENSIONS\{88AC3CB6-596B-4217-964C-B6757EF9602D}
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
[2013/06/12 18:43:50 | 175,574,776 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Moira\Desktop\avg_ipw_x86_all_2011_1432a5712.exe
[2013/06/09 21:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moira\Application Data\RegistryTool
[2013/06/12 18:13:34 | 000,303,722 | ---- | M] () -- C:\Documents and Settings\Moira\Desktop\AVGInstLog.cab
[2013/06/12 21:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/16 14:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moira\Application Data\AVG


:Services

:Reg

:Files
C:\FRST
C:\Program Files\AVG

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Quadrinity]

OMG Broni - does this ever end? I will do your latest installs tomorrow.

 

[Broni]

Wow! If you're unhappy we can stop right now.
I'm not sure if you realize that I'm spending my free time trying to help you out.
I think your comment is outrageous...

 

[Quadrinity]

No Broni, I am not unhappy. I am sorry if I appear ungrateful, that was not my intention. I just had no idea how many steps are involved in getting rid of this virus. I also am not confident in what I am doing as I follow your steps.
I am very, very grateful for your help, I just am finding this all so overwhelming for me, who is not computer savvy.
Please accept my sincerest apology.

 

[Quadrinity]

Here are the results of the OTL scan:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File E:\apps\PC Wizard\pcwiz_x32.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Moira\LOCALS~1\Temp\catchme.sys not found.
Prefs.js: avg%40toolbar:15.2.0.5 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
File C:\Documents and Settings\Moira\Desktop\avg_ipw_x86_all_2011_1432a5712.exe not found.
C:\Documents and Settings\Moira\Application Data\RegistryTool\Results folder moved successfully.
C:\Documents and Settings\Moira\Application Data\RegistryTool\QuarantineW\2013-06-09 22-01-170 folder moved successfully.
C:\Documents and Settings\Moira\Application Data\RegistryTool\QuarantineW folder moved successfully.
C:\Documents and Settings\Moira\Application Data\RegistryTool\PCOBackups folder moved successfully.
C:\Documents and Settings\Moira\Application Data\RegistryTool\Logs folder moved successfully.
C:\Documents and Settings\Moira\Application Data\RegistryTool folder moved successfully.
File C:\Documents and Settings\Moira\Desktop\AVGInstLog.cab not found.
C:\Documents and Settings\All Users\Application Data\AVG10\SetupCoreBackup\1513 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\SetupCoreBackup\1511 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\SetupCoreBackup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\Moira\Application Data\AVG\Rescue\Strartup Manager folder moved successfully.
C:\Documents and Settings\Moira\Application Data\AVG\Rescue folder moved successfully.
C:\Documents and Settings\Moira\Application Data\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Documents and Settings\Moira\Application Data\AVG\PC Tuneup 2011 folder moved successfully.
C:\Documents and Settings\Moira\Application Data\AVG folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
Folder move failed. C:\Program Files\AVG\AVG2013\Tuneup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Notification scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\myapps scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html\reportcard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Content scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party\licenses scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013 scheduled to be moved on reboot.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang folder moved successfully.
C:\Program Files\AVG\AVG PC Tuneup 2011\Data folder moved successfully.
C:\Program Files\AVG\AVG PC Tuneup 2011 folder moved successfully.
Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Moira
->Temp folder emptied: 288555 bytes
->Temporary Internet Files folder emptied: 20576515 bytes
->FireFox cache emptied: 12736401 bytes
->Google Chrome cache emptied: 5928667 bytes
->Flash cache emptied: 724 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2098306 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Moira

User: My Documents

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Moira
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06132013_065924
Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\AVG\AVG2013\Tuneup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Notification scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\myapps scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html\reportcard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html\reportcard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Content scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party\licenses scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party\licenses scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Tuneup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Notification scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\myapps scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html\reportcard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Content scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party\licenses scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Tuneup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\sounds scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Notification scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\myapps scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html\reportcard scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\html scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\Content scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\pct scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\obx scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\firewall scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\fas scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav\component scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs\dav scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\awacs scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party\licenses scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013\3rd_party scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG\AVG2013 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.
C:\Documents and Settings\Moira\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFCC12.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFCFC8.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFDED4.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFDEFB.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFE2D5.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DFE561.tmp not found!
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\TVK19FS8\push[1].htm moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\O1VM8R9K\zrt_lookup[1].html moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\D8CR9BE3\ads[1].htm moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\D8CR9BE3\page-2[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[Quadrinity]

Here are the results of the security check:

esults of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG 2013
AVG PC Tuneup 2011
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
AVG PC Tuneup 2011
FileCleaner
Java(TM) 6 Update 31
Java 7 Update 21
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 20.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

 

[Quadrinity]

Here are the results of the Farbar Service Scan:

Farbar Service Scanner Version: 31-05-2013 01
Ran by Moira (administrator) on 13-06-2013 at 07:22:09
Running from "C:\Documents and Settings\Moira\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(12) Avgtdix(13) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0D00000005000000010000000200000003000000040000000A0000000B0000000D000000060000000700000008000000090000000C000000
IpSec Tag value is correct.
**** End of log ****

 

[Quadrinity]

I ran TFC.
I began to run ESET and got to step 2 and it is saying Initialization
Cannot get update - is proxy configured?

 

[Broni]

Use different browser to run Eset.

 

[Quadrinity]

I tried it using Firefox as the browser and get the same message

 

[Broni]

Please, run F-Secure Online Scanner

• Disable your Antivirus program.
• Checkmark I have read and accepted the license terms.
• Click on Run Check button.
• Quick scan (recommended) option will come pre-checked. Don't change it.
• Click on Start button.
• When scan is done, in Step 3: Clean the files, leave all settings as they're.
• Click Next button.
• Click Full report... button.
• Copy report's content and paste it into your next reply.

 

[Quadrinity]

I clicked on the F-Secure link you posted - it took me to a main page.
I navigated through a couple of screens and then was able to downloaded the program.
It started automatically (didn't have a Run Check button or Start). It went through my system, and there as no Next Button. A pop up came on the screen saying there were no harmful files. There was no report for me to copy and paste.

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

========================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

 

[Quadrinity]

Broni, I've updated my Adobe, and removed the older versions of Java. Have a meeting to go to right now, will do the rest when I get back - thank you

 

[Broni]

 

[Quadrinity]

Here's the OTL scan results:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Moira
->Temp folder emptied: 272475 bytes
->Temporary Internet Files folder emptied: 3994786 bytes
->FireFox cache emptied: 7092052 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: My Documents

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 418476 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Moira
->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Moira

User: My Documents

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.69.0 log created on 06132013_201644
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF72B7.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF74E5.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF78C4.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF823A.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF835B.tmp not found!
File\Folder C:\Documents and Settings\Moira\Local Settings\Temp\~DF8393.tmp not found!
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\TFEB50LJ\ads[1].htm moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\TFEB50LJ\page-3[1].htm moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\TFEB50LJ\push[1].htm moved successfully.
C:\Documents and Settings\Moira\Local Settings\Temporary Internet Files\Content.IE5\TFEB50LJ\zrt_lookup[1].html moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[Quadrinity]

Broni:
I've completed all the downloads - Yippee!
Thank you again for all your patience and understanding.
For someone who wasn't confident in doing all your tasks, your instructions were bang on!
If I can do it, anyone can - LOL!
You were awesome - I no longer have those annoying Bad Image pop ups - I no longer have Firefox as my default browser for my Outlook (it was awful - really, really slow), my computer seems to be doing well for an 8+ yr old laptop.
Thank you again!

 

[Broni]

You did very well as well

Way to go!!
Good luck and stay safe