Inactive Posting logs for redirect malware/spyware virus removal

Kookie Gram

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by KD at 22:27:29 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2609 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mURLSearchHooks: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google] rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Google] rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C}\C4560264C656572702445602C49637 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
BHO-X64: BitLord Security Bar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\
FF - prefs.js: browser.search.selectedEngine - BitLord Security Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 8309d8f5-ace5-427d-a02f-9988d36dedc7
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-24 44808]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-11 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-12-24 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-11 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-10-11 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-24 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-25 02:33:04 -------- d-----w- C:\Users\KD\AppData\Roaming\Malwarebytes
2012-07-25 02:32:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-25 02:32:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-25 02:32:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-25 01:58:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-25 01:58:05 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-25 01:58:01 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-25 01:57:42 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-25 01:57:27 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-25 01:57:27 -------- d-----w- C:\Program Files\AVAST Software
2012-07-21 14:56:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-07-21 14:53:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-07-21 14:53:14 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-17 01:52:22 -------- d-----w- C:\Users\KD\AppData\Local\Macromedia
2012-07-17 01:52:17 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-07-17 01:52:15 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-07-17 00:12:08 -------- d-----w- C:\Users\KD\AppData\Local\ElevatedDiagnostics
2012-07-16 23:19:44 -------- d-----w- C:\Windows\pss
2012-07-14 20:31:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-14 20:31:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-14 20:21:03 -------- d-----w- C:\Users\KD\AppData\Roaming\PC Cleaners
2012-07-14 20:20:55 4274488 ----a-w- C:\Windows\uninst.exe
2012-07-14 20:20:55 -------- d-----w- C:\Users\KD\AppData\Roaming\PCPro
2012-07-14 20:20:54 -------- d-----w- C:\ProgramData\PC1Data
2012-07-14 20:20:54 -------- d-----w- C:\Program Files (x86)\PC Cleaners
2012-07-14 04:37:44 -------- d-----w- C:\Users\KD\AppData\Local\{7AE5942C-AB73-43A1-B46D-5C0BCD6A2438}
2012-07-14 04:37:34 -------- d-----w- C:\Users\KD\AppData\Local\{AEC39731-98A3-4345-A113-C0C23132FF3E}
2012-07-14 03:12:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 11:09:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06241A05-E5AD-4E75-B24D-0BB3D7B48CE3}\mpengine.dll
2012-07-12 08:06:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 20:22:15 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 23:29:10 -------- d-----w- C:\Program Files (x86)\Rovio
2012-07-10 23:27:31 -------- d-----w- C:\Users\KD\AppData\Roaming\Rovio
2012-07-10 16:39:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-29 15:03:55 -------- d-----w- C:\Users\KD\AppData\Roaming\Cakewalk
2012-06-29 14:54:41 -------- d-----w- C:\Program Files (x86)\IK Multimedia
2012-06-29 14:51:48 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-06-29 14:51:47 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2012-06-29 14:48:41 -------- d-----w- C:\ProgramData\Cakewalk
2012-06-28 22:36:42 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-06-28 22:36:41 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-06-28 17:20:38 -------- d-----w- C:\Users\KD\Tracing
2012-06-28 16:41:03 -------- d-----w- C:\Windows\en
2012-06-28 16:40:21 -------- d-----w- C:\Windows\fr
2012-06-28 16:36:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\233966d21cd554c02\MeshBetaRemover.exe
2012-06-28 16:36:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DSETUP.dll
2012-06-28 16:36:15 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DXSETUP.exe
2012-06-28 16:36:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\dsetup32.dll
2012-06-28 16:35:25 -------- d-----w- C:\Users\KD\AppData\Local\{832278FD-5555-4C09-809B-FF57BE34846C}
2012-06-28 16:35:14 -------- d-----w- C:\Users\KD\AppData\Local\{BF13BD5C-7925-4128-8CA9-41952573241A}
2012-06-28 16:00:54 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-06-28 16:00:37 -------- d-----w- C:\Users\KD\AppData\Roaming\Propellerhead Software
2012-06-28 15:53:31 -------- d-----w- C:\Program Files (x86)\Propellerhead
2012-06-28 09:43:38 -------- d-----w- C:\Users\KD\AppData\Local\{A251F060-8D35-412C-8E88-AC74C354DF8D}
2012-06-28 09:43:28 -------- d-----w- C:\Users\KD\AppData\Local\{CF630B14-6C5B-459B-B80A-571E0C40F71F}
2012-06-28 09:42:20 -------- d-----w- C:\Users\KD\AppData\Local\{CEBAD0C0-B6EC-4BAA-A95D-5F91A0287CDA}
2012-06-28 09:42:10 -------- d-----w- C:\Users\KD\AppData\Local\{C2F1E182-89D2-4E45-98DC-6355A9150279}
2012-06-28 09:40:21 -------- d-----w- C:\Users\KD\AppData\Local\{EB0B89BB-1CBD-479E-A5C1-CA8F856703DB}
2012-06-28 09:40:11 -------- d-----w- C:\Users\KD\AppData\Local\{ABD1AF64-2146-4186-9DC6-D6D582A026D1}
2012-06-28 09:32:05 -------- d-----w- C:\Users\KD\AppData\Local\{0666E6EF-E83D-44BA-9D25-64BD88960E92}
2012-06-28 09:31:55 -------- d-----w- C:\Users\KD\AppData\Local\{5CD089D3-FDFC-484A-9C1C-A290C4AD9838}
2012-06-28 09:07:44 -------- d-----w- C:\Users\KD\AppData\Local\{F50A916D-DB28-47FD-B0C5-6BC3A771E658}
2012-06-28 09:07:34 -------- d-----w- C:\Users\KD\AppData\Local\{C899A96E-586E-4846-8CA0-24F54BDB5A70}
2012-06-28 08:52:16 -------- d-----w- C:\ProgramData\PreSonus
2012-06-28 08:52:12 -------- d-----w- C:\Users\KD\AppData\Roaming\PreSonus
2012-06-28 08:51:26 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2012-06-28 08:51:09 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-06-26 00:02:17 -------- d-----w- C:\Users\KD\AppData\Roaming\Registry Mechanic
2012-06-25 19:13:15 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-06-25 19:13:14 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic
2012-06-25 18:13:26 -------- d-----w- C:\Users\KD\AppData\Local\{FBA1CF5D-8AF4-4969-B7DE-6225C5F0A0CD}
2012-06-25 18:13:10 -------- d-----w- C:\Users\KD\AppData\Local\{37EA96E1-BE0B-43C1-BAFA-F0999F80D424}
.
==================== Find3M ====================
.
2012-07-17 01:52:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 01:52:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 04:10:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:28:29.17 ===============
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.24.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KD :: KERIROCHELLE-PC [administrator]
Protection: Enabled
7/24/2012 9:43:09 PM
mbam-log-2012-07-24 (21-43-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190457
Time elapsed: 5 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
Files Detected: 21
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\KD\AppData\Local\Temp\0.1881648138074531 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\KD\AppData\Local\Temp\0.26461316214304664 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\icqkaaw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\jpfswsjpuq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\kcblslaldm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\raenbp.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\usrwsgcx.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\vjddzprjt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\icqkaaw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\jpfswsjpuq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\kcblslaldm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\raenbp.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\usrwsgcx.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\KD\Local Settings\Application Data\vjddzprjt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\Installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\emgebiileljojhajhpchfidnbkfodlob.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
(end)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Hi Dragon Master Jay. Thank you so much for responding so fast! I'm just a regular chick who likes to figure out things on my own, and this redirect virus was giving me the flucks. I searched and tried a few other things that, of course, didn't work. Then I found this site and so far I feel like I'm on the right path. Just curious... DRAGON Master? How did you get that name?

Time : 25/07/2012 22:24:51
--------------------------
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll

[PARTICULAR] Time : 25/07/2012 22:25:21
--------------------------
[@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@

[PARTICULAR] Time : 25/07/2012 22:25:21
--------------------------
[00000004.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000004.@

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[00000008.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[000000cb.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\000000cb.@

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[00000004.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\00000004.@

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[1afb2d56.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\1afb2d56

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[201d3dde.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\201d3dde

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
[@.vir] -> c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
ERROR [Desktop.ini.vir] -> c:\windows\assembly\gac_32\desktop.ini

[PARTICULAR] Time : 25/07/2012 22:25:26
--------------------------
ERROR [Desktop.ini.vir] -> c:\windows\assembly\gac_64\desktop.ini

Time : 25/07/2012 22:25:31
--------------------------
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll

Time : 25/07/2012 22:27:21
--------------------------
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
[7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
ERROR [rundll32.exe.vir] -> rundll32.exe
[hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: KD [Admin rights]
Mode: Scan -- Date: 07/25/2012 22:24:53
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 9 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3469416681-2208332565-2609205558-1000[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\KD\AppData\Local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22A23T0 +++++
--- User ---
[MBR] 11c43ab68d1d64c1131dc53cecbcdece
[BSP] 8453b8f6edcb641ce1d5ed804b91f420 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: KD [Admin rights]
Mode: Remove -- Date: 07/25/2012 22:25:32
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\KD\AppData\Local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\000000cb.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 1afb2d56 : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\1afb2d56 --> REMOVED
[Del.Parent][FILE] 201d3dde : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22A23T0 +++++
--- User ---
[MBR] 11c43ab68d1d64c1131dc53cecbcdece
[BSP] 8453b8f6edcb641ce1d5ed804b91f420 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: KD [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/25/2012 22:27:23
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
[SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 867 / Fail 0
My documents: Success 165 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 573 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 88 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
¤¤¤ Infection : ZeroAccess ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL Extras logfile created on: 7/26/2012 7:18:49 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KD\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.52% Memory free
7.71 Gb Paging File | 6.16 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.99 Gb Total Space | 188.32 Gb Free Space | 67.26% Space Free | Partition Type: NTFS

Computer Name: KERIROCHELLE-PC | User Name: KD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{13C0A937-797F-847A-7FF5-010EAC327493}" = Fooz Kids
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170BF54-7808-45EE-AB06-6BCE7A254E29}" = Angry Birds Space
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"BitLord" = BitLord 2.1
"BitLord_Security_Bar Toolbar" = BitLord Security Bar Toolbar
"BN_DesktopReader" = NOOK for PC
"FoozKids" = Fooz Kids
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Gateway MyBackup
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Cleaners" = PC Cleaners
"PowerISO" = PowerISO
"Reason5_is1" = Reason 5.0
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WTA-10c81b53-d040-4c6c-ad25-6a34042523d5" = Torchlight
"WTA-12a8f428-0609-4194-a353-8ae63af9afea" = Final Drive: Nitro
"WTA-19313cba-c85f-4013-83ec-6d4b672db5c5" = Plants vs. Zombies - Game of the Year
"WTA-5369a7d6-c2db-4d04-b1f7-f5fdb848ae28" = Jewel Match 3
"WTA-83ed7cf4-4368-4108-bd55-ff6b14f0e1de" = Governor of Poker 2 Premium Edition
"WTA-88413c18-de3b-477b-9c44-4cde202967b7" = Dora's World Adventure
"WTA-94a0b4ec-d4fc-44a0-bb96-ff891239667b" = Chronicles of Albian
"WTA-9e10d874-5fe1-415f-9248-6e3c6df0b9a9" = Agatha Christie - Death on the Nile
"WTA-a254403c-a2d2-4abe-9cb5-80310ed21792" = Virtual Villagers 5 - New Believers
"WTA-a6ea035b-a52e-42db-b2f0-c64e8320b83b" = FATE: The Cursed King
"WTA-ba0e17e3-5b47-49d5-8281-f21244bd14df" = Build-a-lot 4 - Power Source
"WTA-c1b47977-77e8-4041-b8e8-a7a23e0ee5f6" = Mystery of Mortlake Mansion
"WTA-c6336a01-baad-4a77-b145-9fc14d5dcb10" = Polar Bowler
"WTA-ca543aa9-12ba-4416-bea8-4c55bffb3b81" = Cradle of Rome 2
"WTA-ded408db-748e-4c51-89ee-270969d55cac" = Bejeweled 2 Deluxe
"WTA-f489b1c2-5121-4d0b-bf97-56d81925a8fd" = RollerCoaster Tycoon 3: Platinum
"WTA-fd276b3a-c719-4813-9199-c1ae5fb70465" = Polar Golfer
"WTA-fd686104-9945-49e4-8d52-300b99322362" = Zuma's Revenge
"WTA-fefe4b68-cc9d-4de9-be3d-a637a42350fe" = Penguins!
"WTA-ff0557a8-fb07-48c4-a2bc-1b190f025566" = Chuzzle Deluxe
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tango" = Tango

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2012 5:21:01 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/10/2012 7:28:03 PM | Computer Name = KeriRochelle-PC | Source = Application Error | ID = 1000
Description = Faulting application name: bitlord.exe, version: 2.1.0.91, time stamp:
0x4f32d25b Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc00000fd Fault offset: 0x0003a6c7 Faulting process id:
0x17e4 Faulting application start time: 0x01cd5ef2a8c8273d Faulting application path:
C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: e4c5a99f-cae6-11e1-a158-dc0ea12afcb5

Error - 7/12/2012 4:24:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/12/2012 2:48:49 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/12/2012 9:22:11 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/13/2012 4:46:30 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 2:19:58 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 2:48:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2012 3:04:32 AM | Computer Name = KeriRochelle-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd
Faulting
process id: 0x11f0 Faulting application start time: 0x01cd618cbf0f189b Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 28d1470a-cd82-11e1-88e6-dc0ea12afcb5

Error - 7/14/2012 6:40:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/19/2012 1:24:13 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/19/2012 5:08:08 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/19/2012 5:08:08 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/19/2012 6:41:51 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/19/2012 6:41:51 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/19/2012 10:45:04 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/19/2012 10:45:04 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/20/2012 9:53:29 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/20/2012 9:53:29 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/20/2012 10:43:42 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >
 
OTL logfile created on: 7/26/2012 7:18:49 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KD\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.52% Memory free
7.71 Gb Paging File | 6.16 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.99 Gb Total Space | 188.32 Gb Free Space | 67.26% Space Free | Partition Type: NTFS

Computer Name: KERIROCHELLE-PC | User Name: KD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 19:12:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\KD\Downloads\OTL (1).com
PRC - [2012/07/26 19:12:04 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\KD\Downloads\OTL.com
PRC - [2012/07/11 15:09:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/09 21:44:17 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2011/05/20 11:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2011/03/09 12:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/07/16 20:52:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 21:44:17 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/06/07 15:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/09 12:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/05/30 23:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 13:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/05/09 22:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 05:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C0F07F2A-EA6E-4E29-A55A-9847CB92CCED}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C0F07F2A-EA6E-4E29-A55A-9847CB92CCED}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2830765.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "BitLord Security Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 21:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/24 20:57:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/13 10:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/13 10:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Extensions
[2012/07/23 15:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions
[2012/06/21 18:22:02 | 000,000,000 | ---D | M] (BitLord Security Bar) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
[2012/07/16 20:07:25 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info
[2012/06/21 18:27:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com
[2012/07/23 15:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\trash
[2012/07/16 20:07:45 | 000,000,965 | ---- | M] () -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\searchplugins\conduit.xml
[2012/07/10 11:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/10 11:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[1832/11/28 23:08:39 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WNA2CLY.DEFAULT\EXTENSIONS\ZWREQMSAAG@ZWREQMSAAG.ORG.XPI
[2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/09 21:44:16 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://isearch.avg.com/?cid={CFFAF4...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://isearch.avg.com/?cid={CFFAF4...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: TheBflix = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0\
CHR - Extension: avast! WebRep = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: 1Click Downloader = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitLord Security Bar Toolbar) - {8C5878D0-6106-423B-AAA8-144C143DBF44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C}: DhcpNameServer = 208.59.247.45 208.59.247.46
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: BingDesktop - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_Cricket Broadband EC1705 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: Microsoft Help - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PC Cleaners - hkey= - key= - C:\Program Files (x86)\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Power Management - hkey= - key= - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: Tango - hkey= - key= - C:\Program Files (x86)\Tango\Tango.exe (Tango Inc.)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 23:02:12 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/07/25 22:24:14 | 000,000,000 | ---D | C] -- C:\Users\KD\Desktop\RK_Quarantine
[2012/07/25 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/07/24 21:33:04 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Malwarebytes
[2012/07/24 21:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/24 21:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/24 21:32:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/24 21:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/24 20:58:06 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/24 20:58:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/24 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/24 20:58:05 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/24 20:58:05 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/24 20:58:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/24 20:58:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/24 20:58:01 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/24 20:57:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/24 20:57:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/24 20:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/24 20:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/21 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/07/21 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/21 09:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/07/21 09:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/07/21 09:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/07/21 09:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/07/20 09:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/16 22:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/16 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\Macromedia
[2012/07/16 20:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/07/16 20:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/16 20:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/07/16 19:12:08 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\ElevatedDiagnostics
[2012/07/16 18:19:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/14 15:31:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/07/14 15:31:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/07/14 15:21:03 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PC Cleaners
[2012/07/14 15:20:55 | 004,274,488 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/14 15:20:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PCPro
[2012/07/14 15:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2012/07/14 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/07/14 15:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2012/07/13 23:37:44 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{7AE5942C-AB73-43A1-B46D-5C0BCD6A2438}
[2012/07/13 23:37:34 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{AEC39731-98A3-4345-A113-C0C23132FF3E}
[2012/07/13 22:12:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 03:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:01:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:01:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:01:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:01:39 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:01:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:01:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:01:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:01:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 15:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 15:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 15:22:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 15:22:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 15:22:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 18:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012/07/10 18:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2012/07/10 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Rovio
[2012/07/10 11:40:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/10 11:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/10 11:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/10 11:39:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/10 11:39:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/10 11:39:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/10 11:39:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/10 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/29 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\KD\Documents\Cakewalk
[2012/06/29 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Cakewalk
[2012/06/29 09:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2012/06/29 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
[2012/06/29 09:51:48 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2012/06/29 09:51:47 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2012/06/29 09:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2012/06/28 17:36:42 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012/06/28 17:36:41 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012/06/28 12:20:38 | 000,000,000 | ---D | C] -- C:\Users\KD\Tracing
[2012/06/28 11:41:03 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/28 11:40:21 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/06/28 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{832278FD-5555-4C09-809B-FF57BE34846C}
[2012/06/28 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{BF13BD5C-7925-4128-8CA9-41952573241A}
[2012/06/28 11:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2012/06/28 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Propellerhead Software
[2012/06/28 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2012/06/28 10:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Propellerhead
[2012/06/28 04:43:38 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{A251F060-8D35-412C-8E88-AC74C354DF8D}
[2012/06/28 04:43:28 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{CF630B14-6C5B-459B-B80A-571E0C40F71F}
[2012/06/28 04:42:20 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{CEBAD0C0-B6EC-4BAA-A95D-5F91A0287CDA}
[2012/06/28 04:42:10 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{C2F1E182-89D2-4E45-98DC-6355A9150279}
[2012/06/28 04:40:21 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{EB0B89BB-1CBD-479E-A5C1-CA8F856703DB}
[2012/06/28 04:40:11 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{ABD1AF64-2146-4186-9DC6-D6D582A026D1}
[2012/06/28 04:32:05 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{0666E6EF-E83D-44BA-9D25-64BD88960E92}
[2012/06/28 04:31:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{5CD089D3-FDFC-484A-9C1C-A290C4AD9838}
[2012/06/28 04:07:44 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{F50A916D-DB28-47FD-B0C5-6BC3A771E658}
[2012/06/28 04:07:34 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{C899A96E-586E-4846-8CA0-24F54BDB5A70}
[2012/06/28 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PreSonus
[2012/06/28 03:52:12 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PreSonus
[2012/06/28 03:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Propellerhead Software
[2012/06/28 03:51:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/06/28 03:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012/06/28 03:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/28 03:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

========== Files - Modified Within 30 Days ==========

[2012/07/26 18:59:09 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 18:59:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 18:58:59 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/07/26 18:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 23:11:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 23:11:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 23:04:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 23:03:40 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 23:03:10 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/07/25 22:15:00 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/24 21:32:30 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 20:58:06 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/24 20:58:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/21 11:08:10 | 000,428,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/20 09:03:59 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/16 22:33:32 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/16 22:33:32 | 000,002,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/16 20:52:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/16 20:52:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 15:20:43 | 004,274,488 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/13 21:47:25 | 000,804,199 | ---- | M] () -- C:\Users\KD\Documents\K7.wma
[2012/07/12 13:53:33 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 13:53:33 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 13:53:33 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/11 20:41:02 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/10 18:29:14 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/10 18:15:41 | 000,002,654 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/07/10 11:39:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/10 11:39:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/10 11:39:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/10 11:39:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/07 00:06:57 | 000,541,332 | ---- | M] () -- C:\Users\KD\Documents\Tutu.rns
[2012/07/06 13:40:57 | 000,642,559 | ---- | M] () -- C:\Users\KD\Documents\k5.0.wma
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/28 17:36:42 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012/06/28 17:36:41 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012/06/28 10:54:36 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Reason.lnk

========== Files Created - No Company Name ==========

[2012/07/25 23:03:10 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/07/25 22:15:00 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/24 21:32:30 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 20:58:06 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/24 20:58:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/20 09:03:59 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/16 20:52:16 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/16 20:52:16 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/13 21:47:25 | 000,804,199 | ---- | C] () -- C:\Users\KD\Documents\K7.wma
[2012/07/10 18:29:14 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/07/06 13:40:57 | 000,642,559 | ---- | C] () -- C:\Users\KD\Documents\k5.0.wma
[2012/06/29 17:49:10 | 000,541,332 | ---- | C] () -- C:\Users\KD\Documents\Tutu.rns
[2012/06/28 10:54:36 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Reason.lnk
[2012/06/21 18:20:21 | 000,000,218 | ---- | C] () -- C:\Users\KD\AppData\Local\recently-used.xbel
[2012/04/30 21:52:04 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 13:18:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/11 13:18:10 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/11 13:18:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/11 13:18:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/11 13:18:07 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=520A6D1CBCC9CF642C625FE814C93C58 -- C:\install.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/07/24 21:14:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\1ClickDownload
[2012/07/25 22:15:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-zip
[2011/10/11 13:02:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/07/18 21:47:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/24 11:14:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Barnes & Noble
[2012/06/21 18:22:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitLord 2
[2012/06/21 18:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitLord_Security_Bar
[2012/07/10 11:40:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/04/30 10:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/12/24 11:10:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/10/11 12:46:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote
[2011/10/11 13:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fooz Kids
[2011/12/24 11:17:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gateway
[2011/10/11 12:46:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gateway Games
[2012/07/20 09:03:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/06/29 09:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IK Multimedia
[2012/06/29 17:51:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/24 11:05:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/07/12 03:22:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/07/10 11:39:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/12/24 11:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Launch Manager
[2012/07/24 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/16 22:33:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2012/07/14 15:31:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/07/21 09:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/04/30 15:31:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/07/21 09:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/10 09:47:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/07/21 09:56:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/07/21 09:53:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/13 10:35:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/13 10:35:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/21 09:56:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/05/09 14:06:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2012/04/29 18:56:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/11 12:57:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011/10/11 12:48:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTI
[2012/04/12 15:06:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OEM
[2012/07/14 15:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Cleaners
[2012/07/14 01:55:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Tools Registry Mechanic
[2012/06/21 18:28:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PowerISO
[2012/06/28 10:53:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Propellerhead
[2011/12/24 11:04:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/07/10 18:29:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rovio
[2011/10/11 12:46:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/12/24 11:10:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Social Networks
[2011/10/11 12:57:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2011/10/11 12:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SymSilent
[2012/04/29 18:28:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tango
[2011/12/24 11:04:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Temp
[2009/07/13 23:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/12/24 11:14:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Video Web Camera
[2012/06/05 21:46:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/07/14 02:05:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/06/21 18:27:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo
[2012/05/09 11:40:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zuma's Revenge!

< %appdata%\*.* >
[2012/07/24 23:49:56 | 000,000,000 | ---- | M] () -- C:\Users\KD\AppData\Roaming\bitlord_log.txt

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/07/14 00:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/07/14 00:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 22:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 23:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2010/11/20 22:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 22:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2012/06/28 05:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
[2012/07/09 23:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
 
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:


    :OTL
    IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.selectedEngine: "BitLord Security Bar Customized Web Search"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q="
    [2012/06/21 18:22:02 | 000,000,000 | ---D | M] (BitLord Security Bar) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
    [2012/07/16 20:07:25 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info
    [2012/06/21 18:27:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com
    [1832/11/28 23:08:39 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WNA2CLY.DEFAULT\EXTENSIONS\ZWREQMSAAG@ZWREQMSAAG.ORG.XPI
    CHR - Extension: TheBflix = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0\
    CHR - Extension: 1Click Downloader = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\
    O2 - BHO: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (BitLord Security Bar Toolbar) - {8C5878D0-6106-423B-AAA8-144C143DBF44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
    MsConfig:64bit - StartUpReg: PC Cleaners - hkey= - key= - C:\Program Files (x86)\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll moved successfully.
Prefs.js: "BitLord Security Bar Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q=" removed from keyword.URL
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\res folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\img folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\css folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765 folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44} folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info\content folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\zwreqmsaag@zwreqmsaag.org.xpi moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0 folder moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\js folder moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\images folder moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\html folder moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\css folder moved successfully.
C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8C5878D0-6106-423B-AAA8-144C143DBF44} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C5878D0-6106-423B-AAA8-144C143DBF44}\ not found.
File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
C:\Windows\Downloaded Program Files\jinstall-6u27.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PC Cleaners\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: KD
->Temp folder emptied: 179286679 bytes
->Temporary Internet Files folder emptied: 481549377 bytes
->Java cache emptied: 9883200 bytes
->FireFox cache emptied: 805664591 bytes
->Google Chrome cache emptied: 9643897 bytes
->Flash cache emptied: 62820 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 202474162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1308525413 bytes

Total Files Cleaned = 2,858.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07272012_155914
Files\Folders moved on Reboot...
C:\Users\KD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\xmlProxy[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\InboxLight[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\Messenger[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\resourcespreload[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\xmlProxy[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\EditMessageLight[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\RteFrame_16.2.6148.0723[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JGGR2QP5\xmlProxy[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6EFVUD0\flextag[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E9IWZSVC\index[2].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\adloader[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\flextag[2].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\WebIMPop[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92D04R6W\LocalStorage[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\default[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\tt[1].htm moved successfully.
C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\KD\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\AjaxHistoryFrame[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\xmlProxy[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\InboxLight[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\Messenger[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\resourcespreload[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\xmlProxy[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\EditMessageLight[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\RteFrame_16.2.6148.0723[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JGGR2QP5\xmlProxy[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6EFVUD0\flextag[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E9IWZSVC\index[2].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\adloader[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\flextag[2].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\WebIMPop[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92D04R6W\LocalStorage[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\default[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\tt[1].htm not found!
File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
[2012/07/27 16:05:32 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
[2012/07/27 16:05:16 | 000,228,220 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
[2012/07/27 16:05:14 | 000,449,139 | ---- | M] () C:\Windows\temp\LMutilps32.log : Unable to obtain MD5
Registry entries deleted on Reboot...
 
ComboFix 12-07-27.03 - KD 07/27/2012 16:14:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2792 [GMT -5:00]
Running from: c:\users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUO03UK5\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\KD\AppData\Local\Temp\{848791BE-9427-4E10-B939-046F4792C0B3}\fpb.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 20:59 . 2012-07-27 20:59 -------- d-----w- C:\_OTL
2012-07-26 04:02 . 2012-07-26 04:02 -------- d-----w- C:\found.000
2012-07-26 03:14 . 2012-07-26 03:15 -------- d-----w- c:\program files (x86)\7-zip
2012-07-25 02:33 . 2012-07-25 02:33 -------- d-----w- c:\users\KD\AppData\Roaming\Malwarebytes
2012-07-25 02:32 . 2012-07-25 02:32 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 02:32 . 2012-07-25 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-25 02:32 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 01:58 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-25 01:58 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-25 01:58 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-25 01:58 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-25 01:58 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-25 01:58 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-25 01:58 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-25 01:57 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-25 01:57 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-25 01:57 . 2012-07-25 01:57 -------- d-----w- c:\programdata\AVAST Software
2012-07-25 01:57 . 2012-07-25 01:57 -------- d-----w- c:\program files\AVAST Software
2012-07-21 14:56 . 2012-07-21 14:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-07-21 14:55 . 2012-07-21 14:55 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-07-21 14:53 . 2012-07-21 14:53 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-07-21 14:53 . 2012-07-21 14:53 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-07-17 01:52 . 2012-07-18 17:27 -------- d-----w- c:\users\KD\AppData\Local\Macromedia
2012-07-17 01:52 . 2012-07-17 01:52 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-17 01:52 . 2012-07-17 01:52 -------- d-----w- c:\programdata\McAfee
2012-07-17 01:52 . 2012-07-17 03:33 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-07-17 00:12 . 2012-07-21 14:27 -------- d-----w- c:\users\KD\AppData\Local\ElevatedDiagnostics
2012-07-14 20:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-14 20:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-14 20:21 . 2012-07-14 20:21 -------- d-----w- c:\users\KD\AppData\Roaming\PC Cleaners
2012-07-14 20:20 . 2012-07-14 20:21 -------- d-----w- c:\users\KD\AppData\Roaming\PCPro
2012-07-14 20:20 . 2012-07-14 20:20 4274488 ----a-w- c:\windows\uninst.exe
2012-07-14 20:20 . 2012-07-14 20:20 -------- d-----w- c:\program files (x86)\PC Cleaners
2012-07-14 20:20 . 2012-07-14 20:20 -------- d-----w- c:\programdata\PC1Data
2012-07-14 03:12 . 2012-07-14 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 11:09 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06241A05-E5AD-4E75-B24D-0BB3D7B48CE3}\mpengine.dll
2012-07-12 08:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 20:22 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:29 . 2012-07-10 23:29 -------- d-----w- c:\program files (x86)\Rovio
2012-07-10 23:27 . 2012-07-10 23:27 -------- d-----w- c:\users\KD\AppData\Roaming\Rovio
2012-07-10 16:40 . 2012-07-10 16:40 -------- d-----w- c:\windows\Sun
2012-07-10 16:40 . 2012-07-10 16:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-10 16:39 . 2012-07-10 16:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-10 16:39 . 2012-07-10 16:39 -------- d-----w- c:\program files (x86)\Java
2012-06-29 15:03 . 2012-06-29 15:20 -------- d-----w- c:\users\KD\AppData\Roaming\Cakewalk
2012-06-29 14:54 . 2012-06-29 14:54 -------- d-----w- c:\program files (x86)\IK Multimedia
2012-06-29 14:51 . 2006-02-24 15:00 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-06-29 14:51 . 2006-02-24 15:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-06-29 14:48 . 2012-06-29 22:52 -------- d-----w- c:\programdata\Cakewalk
2012-06-28 22:36 . 2012-06-28 22:36 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-06-28 22:36 . 2012-06-28 22:36 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-06-28 17:20 . 2012-06-28 17:20 -------- d-----w- c:\users\KD\Tracing
2012-06-28 16:41 . 2012-06-28 16:41 -------- d-----w- c:\windows\en
2012-06-28 16:40 . 2012-06-28 16:40 -------- d-----w- c:\windows\fr
2012-06-28 16:36 . 2012-06-28 16:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\233966d21cd554c02\MeshBetaRemover.exe
2012-06-28 16:36 . 2012-06-28 16:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DSETUP.dll
2012-06-28 16:36 . 2012-06-28 16:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DXSETUP.exe
2012-06-28 16:36 . 2012-06-28 16:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\dsetup32.dll
2012-06-28 16:00 . 2012-06-28 22:36 -------- d-----w- c:\programdata\Propellerhead Software
2012-06-28 16:00 . 2012-06-28 16:00 -------- d-----w- c:\users\KD\AppData\Roaming\Propellerhead Software
2012-06-28 15:53 . 2012-06-28 15:53 -------- d-----w- c:\program files (x86)\Propellerhead
2012-06-28 08:52 . 2012-06-28 08:52 -------- d-----w- c:\programdata\PreSonus
2012-06-28 08:52 . 2012-06-28 08:52 -------- d-----w- c:\users\KD\AppData\Roaming\PreSonus
2012-06-28 08:51 . 2012-06-28 08:51 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
2012-06-28 08:51 . 2012-06-28 10:24 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-28 08:51 . 2012-06-28 08:51 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-06-28 08:39 . 2012-06-28 08:39 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:22 . 2012-04-30 16:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:22 . 2011-10-11 17:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:02 . 2012-06-18 07:01 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 22:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 22:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 22:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:10 . 2012-06-21 23:28 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-04 11:06 . 2012-06-14 01:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-29 23:20 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 02:44 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-19 36960]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 136176]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-03-09 257344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 03:22]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 03:28]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 03:28]
.
2012-07-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 8309d8f5-ace5-427d-a02f-9988d36dedc7
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-1ClickDownload - c:\program files (x86)\1ClickDownload\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\syswow64\MsiExec.exe
.
**************************************************************************
.
Completion time: 2012-07-27 16:31:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 21:31
.
Pre-Run: 204,651,077,632 bytes free
Post-Run: 204,091,695,104 bytes free
.
- - End Of File - - 6412685121EA7CBE67CB2BB1E729C0F5
 
Excellent work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 