Solved Could anyone check my log files for malware? Thanks!!

D

Dan555444

Posts: 18   +0
Hi all. first of all a big thanks to anyone available to take a look at my log files.

My cursor/mouse started moving all by itself today as if someone had taken over my Windows 7 computer.

I have AVG running. I then used Malware bytes to clean the pc - it removed 5 or 6 things. then I ran DSS.

Logs attached and below. Any help much appreciated. (Also since I ran malware antibytes there is no strange behaviour but need to be sure the bug is gone as I do banking on this pc)

MBAM LOG ***********

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
danHP :: DANHP-PC [administrator]

01/10/2013 5:13:26 PM
mbam-log-2013-10-01 (17-13-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250707
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\danHP\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\$Recycle.Bin\S-1-5-21-1101401204-429388405-206686766-1001\$RDQO6OA.exe (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1101401204-429388405-206686766-1001\$RSMKLAH.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\danHP\AppData\Local\Temp\J6IrQVbQ.exe.part (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\danHP\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\danHP\MSC\iLividSetup-r287-n-bf.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Conduit\CT2405280\Softonic-Eng7AutoUpdaterHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.

(end)

DDS LOG ********************************


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by danHP at 19:21:16 on 2013-10-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3039.1343 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Glary Utilities 3\Integrator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\danHP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\explorer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uURLSearchHooks: ST-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: ST-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: ST-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - c:\program files\vuze_remote\tbVuze.dll
TB: ST-Eng7 Toolbar: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - c:\program files\softonic-eng7\prxtbSof0.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: ST-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof0.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
uRun: [Rank Tracker] c:\program files\seo powersuite\rank tracker\bin\ranktracker.exe -minimized
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [iLivid] "c:\users\danhp\appdata\local\ilivid\iLivid.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: c:\users\danhp\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\danhp\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\danhp\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : NameServer = 220.233.0.4,220.233.0.3
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{862D6F09-91E4-44E8-B47A-59959EF5E70D} : NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\14279702960586F6E656 : DHCPNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\2456C6B696E6E293132433 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\353686E6574747562786561646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\353686E657474756278656164653 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\45865602241637B65647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}\75962756C65637370244F677C696E676023547 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.1\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danhp\appdata\roaming\mozilla\firefox\profiles\wgtq8na8.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={84241A0D-0BF9-49E2-AA7D-E0A43BAF6185}&mid=7d2cde6fbcd24e5adeac63e2c17aa0fa-09a64fa00f97a27d7b52d5e70150f8b4ab5a1749&lang=en&ds=AVG&pr=fr&d=2011-11-09 10:13:56&v=17.0.0.9&pid=avg&sg=0&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={84241A0D-0BF9-49E2-AA7D-E0A43BAF6185}&mid=7d2cde6fbcd24e5adeac63e2c17aa0fa-09a64fa00f97a27d7b52d5e70150f8b4ab5a1749&lang=en&ds=AVG&pr=fr&d=2011-11-09 10:13:56&pid=avg&sg=0&v=17.0.0.9&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.1\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPWxfer.dll
FF - ExtSQL: 2013-09-26 12:19; {4cc4a13b-94a6-7568-370d-5f9de54a9c7f}; c:\users\danhp\appdata\roaming\mozilla\firefox\profiles\wgtq8na8.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - ExtSQL: 2013-10-01 16:57; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-5 37664]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-1-21 267208]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-1 464256]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
R2 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2010-11-9 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2010-11-9 49152]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-2-25 99896]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 MSSQL$FRONT_DESK;SQL Server (FRONT_DESK);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-1-15 462848]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-9-16 3273088]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-22 5071712]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2011-2-15 9216]
R2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.1\ToolbarUpdater.exe [2013-9-29 1734680]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [2009-5-27 27008]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-11-18 72832]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-11-9 247320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-11-3 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2009-11-3 11520]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [2009-6-3 171776]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-11-18 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-11-18 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-1-10 112128]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-11-18 85632]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2011-11-18 26496]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2011-11-18 168448]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-1-10 102912]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-2-25 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-8-25 4232192]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-31 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-31 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]
.
=============== Created Last 30 ================
.
2013-10-01 08:36:18 -------- d-----w- c:\users\danhp\appdata\roaming\DiskDefrag
2013-09-26 23:17:20 -------- d-----w- c:\program files\WinDirStat
2013-09-26 02:35:05 -------- d-----w- c:\programdata\GlarySoft
2013-09-26 02:30:52 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-09-26 02:30:48 -------- d-----w- c:\users\danhp\appdata\roaming\GlarySoft
2013-09-26 02:30:40 -------- d-----w- c:\program files\Glary Utilities 3
2013-09-18 13:17:15 871600 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-09-16 02:30:40 4806016 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-09-16 02:30:40 4806016 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-09-10 17:05:19 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7442b3e-973d-4a60-8435-6b9fcc97b357}\mpengine.dll
2013-09-09 15:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 15:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
==================== Find3M ====================
.
2013-09-28 18:40:13 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-20 06:34:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 06:34:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-10 03:59:10 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03:07 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 15:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 15:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 15:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 15:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03:34 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52:10 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50:42 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05:35 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 19:22:41.01 ===============
 

Attachments

  • mbam-log-2013-10-01 (17-13-26).txt
    3.8 KB · Views: 0
  • DDS.txt
    27.4 KB · Views: 0
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

redtarget.gif
Please observe forum rules.
All logs have to be pasted not attached.

redtarget.gif
I still need Attach.txt log from DDS.
 
Sorry for attaching previously. here is attach.txt

many thanks

**************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/01/2010 1:47:43 PM
System Uptime: 01/10/2013 6:35:30 PM (1 hours ago)
.
Motherboard: Quanta | | 3628
Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz | CPU | 2266/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 183.414 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 0.861 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP408: 19/09/2013 12:00:18 AM - Scheduled Checkpoint
RP409: 23/09/2013 9:23:28 AM - Windows Update
RP410: 01/10/2013 12:00:09 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9.4.7 MUI
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced SystemCare 6
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVG 2013
AVG Security Toolbar
AVI To MP4 Converter 1.0
Bass Audio Decoder (remove only)
Belkin Daily DJ
Belkin Music Labeler
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bit Boost
BitZipper 2013
Bonjour
BTGuard 2.4
CamStudio
Canon MF Toolbox 4.9.1.1.mf09
Canon MF4100 Series
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD Audio Reader Filter (remove only)
Choice Guard
Core Temp 1.0 RC2
CyberLink DVD Suite
DCoder Image Source (remove only)
DirectVobSub (remove only)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dropbox
Dulux MyColour4
ENE CIR Receiver Driver
Evernote v. 4.6.7
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
FileZilla Client 3.3.5.1
Free M4a to MP3 Converter 6.1
Front Desk 2010
Gabest MPEG Splitter (remove only)
Glary Utilities 3.9.2
GoodSync
Google AdWords Editor
Google Apps
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.456
Haali Media Splitter
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP LaserJet Professional P1100-P1560-P1600 Series
HP MediaSmart Internet TV
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
IDT Audio
ImgBurn
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
JMicron Flash Media Controller Driver
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (FRONT_DESK)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
Mp3tag v2.53
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Mover
MYOB Accounting v15
MYOB AccountRight Standard v19.1
MYOB ODBC Direct v10 AUS
Nero 7 Essentials
Network Printer Wizard
Networking USB Server
oDesk Team
OKI Color Swatch Utility
OKI MC351/361/561 Scanner
OKI Network Extension
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
PDF Settings
pdfsam
Picasa 3
Power2Go
PowerRecover
QLBCASL
QuickTime
RealMedia (remove only)
Realtek 8136 8168 8169 Ethernet Driver
RoboForm 7-9-0-0 (All Users)
SAMSUNG PC Share Manager
ScannerDriver
Screaming Frog SEO Spider
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
SEO PowerSuite
SHOUTcast Source (remove only)
Skype Click to Call
Skype™ 6.1
Snagit 9.1.3
Softonic-Eng7 Toolbar
SoftStylus
Synaptics Pointing Device Driver
SyncBack
TeamViewer 8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.5
Vodafone Mobile Broadband Lite
Vuze
Vuze_Remote Toolbar
WD Discovery Software
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Wise Registry Cleaner 7.52
Xenu's Link Sleuth
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
26/09/2013 5:14:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
26/09/2013 12:45:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:.
26/09/2013 12:35:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
26/09/2013 12:33:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
26/09/2013 12:19:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
25/09/2013 8:29:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
24/09/2013 8:36:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x90791cd0, 0x90791d68, 0x08130012). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092413-41839-01.
01/10/2013 6:37:43 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
01/10/2013 6:36:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ldqtch
01/10/2013 6:24:21 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================
 
redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Thanks again.

reports:

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : danHP [Admin rights]
Mode : Remove -- Date : 10/04/2013 09:57:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\danHP\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1101401204-429388405-206686766-1001\[...]\Run : iLivid ("C:\Users\danHP\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{55254033-BB29-4B57-B5CE-D0E9F166B964}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{55254033-BB29-4B57-B5CE-D0E9F166B964}.exe - --uninstall=1 [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?g_pArrayPprv@ElementProviderManager@DirectUI@@0PAV?$UiaArray@PAVElementProvider@DirectUI@@@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x430DC55E)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCTreeView@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6B0DC867)
[Inline] EAT @explorer.exe (?s_pClassInfo@Navigator@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xAB0DC896)
[Inline] EAT @explorer.exe (?s_pClassInfo@Viewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xD70DC7F1)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC42A333C)
[Inline] EAT firefox.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC42A333C)
[Inline] EAT firefox.exe (?s_pClassInfo@CCCommandLink@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6B1B38FC)
[Inline] EAT firefox.exe (?s_pClassInfo@PushButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xEB1B38DB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9500420AS +++++
--- User ---
[MBR] e49de8bf7a156b42e8a42fa18e3f9951
[BSP] 9cdaa90848f88771d4fe3f61ecd6b73a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 464809 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952338432 | Size: 11930 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10042013_095726.txt >>
RKreport[0]_S_10042013_095414.txt

**************************************************

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.03.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
danHP :: DANHP-PC [administrator]

04/10/2013 10:05:07 AM
mbar-log-2013-10-04 (10-05-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 267086
Time elapsed: 36 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

**********************************************
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3186819072, free: 1065406464

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3186819072, free: 1744060416

Downloaded database version: v2013.10.03.10
Downloaded database version: v2013.09.30.01
Initializing...
======================
------------ Kernel report ------------
10/04/2013 10:05:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\DRIVERS\djsvs.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\cbfs3.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\GenBus.sys
\SystemRoot\system32\DRIVERS\sxuptp.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys
\??\C:\Users\danHP\AppData\Local\Temp\mbr.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87b26030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86c95028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87b26030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87b26838, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87b26030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87b26c48, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff86c95028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 28FB2DCB

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 951928832

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 952338432 Numsec = 24432640

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Read File: File "c:\programdata\avg2013\chjw\3cb09de6b09da6c4.dat:76db392e-59f1-4925-b9a6-ac750c18ca45" is sparse (flags = 32768)
Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcfg.log.1" is compressed (flags = 1)
Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Thanks again


ComboFix 13-10-04.02 - danHP 07/10/2013 16:18:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3039.1788 [GMT 11:00]
Running from: c:\users\danHP\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
c:\users\danHP\AppData\Local\assembly\tmp
c:\users\danHP\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\danHP\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system
c:\users\danHP\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
.
.
((((((((((((((((((((((((( Files Created from 2013-09-07 to 2013-10-07 )))))))))))))))))))))))))))))))
.
.
2013-10-07 05:28 . 2013-10-07 05:28 -------- d-----w- c:\users\Saskia & Katia\AppData\Local\temp
2013-10-07 05:28 . 2013-10-07 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 05:24 . 2013-10-07 05:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7442B3E-973D-4A60-8435-6B9FCC97B357}\offreg.dll
2013-10-04 00:05 . 2013-10-04 11:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:36 . 2013-10-01 08:36 -------- d-----w- c:\users\danHP\AppData\Roaming\DiskDefrag
2013-09-26 23:17 . 2013-09-26 23:17 -------- d-----w- c:\program files\WinDirStat
2013-09-26 04:31 . 2013-09-26 04:31 -------- d-----w- c:\users\danHP\AppData\Roaming\Leadertech
2013-09-26 02:35 . 2013-09-26 02:35 -------- d-----w- c:\programdata\GlarySoft
2013-09-26 02:30 . 2013-09-13 08:32 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-09-26 02:30 . 2013-09-26 02:30 -------- d-----w- c:\users\danHP\AppData\Roaming\GlarySoft
2013-09-26 02:30 . 2013-10-07 05:31 -------- d-----w- c:\program files\Glary Utilities 3
2013-09-10 17:05 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7442B3E-973D-4A60-8435-6B9FCC97B357}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 06:34 . 2012-04-30 07:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 06:34 . 2011-06-30 22:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 08:57 . 2013-08-14 02:38 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 02:38 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2013-09-11 10:21 226592 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 05:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-06-09 12:16 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-12 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-12 109784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\danHP\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-4 29767928]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Jungle Disk Desktop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Desktop.lnk
backup=c:\windows\pss\Jungle Disk Desktop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BTGuard Updates.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Updates.lnk
backup=c:\windows\pss\BTGuard Updates.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2012-09-24 10:59 490880 ----a-w- c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 10:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 07:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-07-16 00:51 1668664 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 21:40 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 08:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-07-28 06:33 1485208 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 13:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 11:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-02-15 06:53 408064 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-06-24 21:57 320056 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-24 16:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 19:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-11 21:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-13 17:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 03:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [x]
R0 ldqtch;ldqtch;c:\windows\System32\drivers\lnpmhytf.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-02 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-02 11520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-06-03 171776]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-02-14 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-02-14 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-02-14 85632]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-02-14 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-02-14 168448]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-06-09 267208]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MSSQL$FRONT_DESK;SQL Server (FRONT_DESK);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 462848]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-09-12 5071712]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-02-15 9216]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [2009-05-27 27008]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-02-14 72832]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-27 247320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 00:41 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 06:34]
.
2013-10-07 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-09-13 08:30]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 00:55]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 00:55]
.
2013-10-07 c:\windows\Tasks\HPCeeScheduleFordanHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:15]
.
2013-10-07 c:\windows\Tasks\SyncBack HP to Netwok Drive.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-12-01 04:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF}: NameServer = 220.233.0.4,220.233.0.3
TCP: Interfaces\{862D6F09-91E4-44E8-B47A-59959EF5E70D}: NameServer = 10.143.147.147 10.143.147.148
FF - ProfilePath - c:\users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-09-26 12:19; {4cc4a13b-94a6-7568-370d-5f9de54a9c7f}; c:\users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - ExtSQL: 2013-10-01 16:57; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Rank Tracker - c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
MSConfigStartUp-Rank Tracker - c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
MSConfigStartUp-SugarSync - c:\program files\SugarSync\SugarSyncManager.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-{D6EA88A9-820F-4F28-B7D7-C1F38E23299A} - c:\users\danHP\AppData\Local\{9675B491-ACAC-4492-8CB5-9F481DEA3233}\myPractice 2.22.6.0.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"=hex:51,66,7a,6c,4c,1d,38,12,f1,3b,8f,
da,24,7d,c9,04,ff,8d,e9,70,5b,87,9d,36
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,
45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{5FF49FE8-B332-4CB9-B102-FB6951629E55}"=hex:51,66,7a,6c,4c,1d,38,12,86,9c,e7,
5b,00,fd,d7,09,ce,14,b8,29,54,3c,da,41
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"=hex:51,66,7a,6c,4c,1d,38,12,0c,42,46,
78,85,c2,ca,00,c7,e2,cd,e1,c2,06,c1,ed
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6,
8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5,
04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c
"{92EF2EAD-A7CE-4424-B0DB-499CF856608E}"=hex:51,66,7a,6c,4c,1d,38,12,c3,2d,fc,
96,fc,e9,4a,01,cf,cd,0a,dc,fd,08,24,9a
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,
e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,bc,5a,9f,f1,b8,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,33,31,89,b2,ee,8f,46,af,1e,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,33,31,89,b2,ee,8f,46,af,1e,75,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(4004)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\Glary Utilities 3\Integrator.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-10-07 16:36:39 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-07 05:36
.
Pre-Run: 206,202,929,152 bytes free
Post-Run: 206,146,953,216 bytes free
.
- - End Of File - - 672661121404013B87B8BB1AFB3CCE0C
506B0E168F1982E9487925E5B25871B8
 
redtarget.gif
Uninstall Advanced SystemCare 6.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::

Folder::

Driver::
ldqtch

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 13-10-04.02 - danHP 08/10/2013 8:56.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3039.1688 [GMT 11:00]
Running from: c:\users\danHP\Downloads\ComboFix.exe
Command switches used :: c:\users\danHP\Downloads\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ldqtch
.
.
((((((((((((((((((((((((( Files Created from 2013-09-07 to 2013-10-07 )))))))))))))))))))))))))))))))
.
.
2013-10-07 22:06 . 2013-10-07 22:06 -------- d-----w- c:\users\Saskia & Katia\AppData\Local\temp
2013-10-07 22:06 . 2013-10-07 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 05:54 . 2013-10-07 05:54 -------- d-----w- c:\users\danHP\AppData\Roaming\AVG2014
2013-10-07 05:53 . 2013-10-07 05:54 -------- d-----w- c:\programdata\AVG2014
2013-10-07 05:42 . 2013-10-07 21:50 -------- d-----w- c:\users\danHP\AppData\Local\Avg2014
2013-10-07 05:24 . 2013-10-07 05:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7442B3E-973D-4A60-8435-6B9FCC97B357}\offreg.dll
2013-10-04 00:05 . 2013-10-04 11:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-01 08:36 . 2013-10-01 08:36 -------- d-----w- c:\users\danHP\AppData\Roaming\DiskDefrag
2013-09-26 23:17 . 2013-09-26 23:17 -------- d-----w- c:\program files\WinDirStat
2013-09-26 04:31 . 2013-09-26 04:31 -------- d-----w- c:\users\danHP\AppData\Roaming\Leadertech
2013-09-26 02:35 . 2013-09-26 02:35 -------- d-----w- c:\programdata\GlarySoft
2013-09-26 02:30 . 2013-09-13 08:32 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-09-26 02:30 . 2013-09-26 02:30 -------- d-----w- c:\users\danHP\AppData\Roaming\GlarySoft
2013-09-26 02:30 . 2013-10-07 22:09 -------- d-----w- c:\program files\Glary Utilities 3
2013-09-10 17:05 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7442B3E-973D-4A60-8435-6B9FCC97B357}\mpengine.dll
2013-09-10 11:11 . 2013-09-10 11:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 11:12 . 2013-09-08 11:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 06:34 . 2012-04-30 07:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 06:34 . 2011-06-30 22:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 23:39 . 2013-09-01 23:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-01 23:28 . 2013-09-01 23:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-01 23:28 . 2013-09-01 23:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-01 23:28 . 2013-09-01 23:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 11:54 . 2013-08-20 11:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-01 05:08 . 2013-08-01 05:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 05:06 . 2013-08-01 05:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-07-25 08:57 . 2013-08-14 02:38 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 02:38 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2013-09-11 10:21 226592 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 05:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2013-09-11 226592]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\danHP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-06-09 12:16 155416 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-12 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-12 109784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\danHP\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-4 29767928]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Jungle Disk Desktop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Jungle Disk Desktop.lnk
backup=c:\windows\pss\Jungle Disk Desktop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BTGuard Updates.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BTGuard Updates.lnk
backup=c:\windows\pss\BTGuard Updates.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^danHP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 10:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 07:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-07-16 00:51 1668664 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu]
2009-02-25 21:40 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 08:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-07-28 06:33 1485208 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 13:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2010-11-03 11:50 1246544 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-02-15 06:53 408064 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 05:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-06-24 21:57 320056 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-24 16:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 19:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-11 21:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-13 17:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-23 03:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-02 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-02 11520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-06-03 171776]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-02-14 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-02-14 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-02-14 85632]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-02-14 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-02-14 168448]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-09-01 145720]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-09-01 223032]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-01 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-09-01 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-06-09 267208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 99896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 MSSQL$FRONT_DESK;SQL Server (FRONT_DESK);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 462848]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-09-12 5071712]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-02-15 9216]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [2009-05-27 27008]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-02-14 72832]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-27 247320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 00:41 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 06:34]
.
2013-10-07 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files\Glary Utilities 3\Initialize.exe [2013-09-13 08:30]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 00:55]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 00:55]
.
2013-10-07 c:\windows\Tasks\HPCeeScheduleFordanHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:15]
.
2013-10-07 c:\windows\Tasks\SyncBack HP to Netwok Drive.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-12-01 04:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF}: NameServer = 220.233.0.4,220.233.0.3
TCP: Interfaces\{862D6F09-91E4-44E8-B47A-59959EF5E70D}: NameServer = 10.143.147.147 10.143.147.148
FF - ProfilePath - c:\users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-09-26 12:19; {4cc4a13b-94a6-7568-370d-5f9de54a9c7f}; c:\users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF - ExtSQL: 2013-10-01 16:57; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"=hex:51,66,7a,6c,4c,1d,38,12,f1,3b,8f,
da,24,7d,c9,04,ff,8d,e9,70,5b,87,9d,36
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,
45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{5FF49FE8-B332-4CB9-B102-FB6951629E55}"=hex:51,66,7a,6c,4c,1d,38,12,86,9c,e7,
5b,00,fd,d7,09,ce,14,b8,29,54,3c,da,41
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"=hex:51,66,7a,6c,4c,1d,38,12,0c,42,46,
78,85,c2,ca,00,c7,e2,cd,e1,c2,06,c1,ed
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6,
8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5,
04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c
"{92EF2EAD-A7CE-4424-B0DB-499CF856608E}"=hex:51,66,7a,6c,4c,1d,38,12,c3,2d,fc,
96,fc,e9,4a,01,cf,cd,0a,dc,fd,08,24,9a
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,
e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,bc,5a,9f,f1,b8,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,33,31,89,b2,ee,8f,46,af,1e,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,33,31,89,b2,ee,8f,46,af,1e,75,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(4416)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\Glary Utilities 3\Integrator.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-10-08 09:15:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-07 22:15
ComboFix2.txt 2013-10-07 05:36
.
Pre-Run: 205,361,307,648 bytes free
Post-Run: 205,036,163,072 bytes free
.
- - End Of File - - 2E16BA38A2212F51F9AA0AF71A50F663
506B0E168F1982E9487925E5B25871B8
 
Good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi broni - firstly thanks again! also, I am bit freaked out by the amount of stuff that must be wrong with my system! I thought I was careful not to instal too much crap. is this unusual? many thanks again. all requested logs below


*********
# AdwCleaner v3.006 - Report created 08/10/2013 at 17:26:56
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : danHP - DANHP-PC
# Running from : C:\Users\danHP\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Red Sky
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Softonic-Eng7
Folder Deleted : C:\Users\danHP\AppData\Local\DownTango
Folder Deleted : C:\Users\danHP\AppData\Local\PackageAware
Folder Deleted : C:\Users\danHP\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\danHP\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\danHP\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\danHP\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\danHP\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\danHP\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\danHP\AppData\LocalLow\Softonic-Eng7
Folder Deleted : C:\Users\Saskia & Katia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Saskia & Katia\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Saskia & Katia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Saskia & Katia\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Saskia & Katia\AppData\LocalLow\Softonic-Eng7
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\Conduit
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\ConduitEngine
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\jetpack
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\Smartbar
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\CT2504091
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zoom-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zoom-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AC61DBF-F4B3-4022-8AA1-7203EC9B84EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83D1965F-4773-442E-8B3D-E651A203BB4C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5AC61DBF-F4B3-4022-8AA1-7203EC9B84EB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83D1965F-4773-442E-8B3D-E651A203BB4C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9EEEE31-F68A-430C-ADEE-866A61C3992D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{287C0ED1-A678-496F-AB49-CE59F8C27CF7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Softonic-Eng7
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\prefs.js ]

Line Deleted : user_pref("CT2504091..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2504091.129079840421401584.isToggled_item0_12", "true");
Line Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Line Deleted : user_pref("CT2504091.CTID", "CT2504091");
Line Deleted : user_pref("CT2504091.CurrentServerDate", "8-11-2012");
Line Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Thu Nov 08 2012 09:51:06 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Mon Apr 19 2010 22:04:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Line Deleted : user_pref("CT2504091.FeedPollDate128891351169457132", "Tue Apr 20 2010 07:49:50 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Mon Apr 19 2010 21:49:50 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Line Deleted : user_pref("CT2504091.FirstServerDate", "16-4-2010");
Line Deleted : user_pref("CT2504091.FirstTime", true);
Line Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Line Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2504091.Initialize", true);
Line Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2504091.InstallationType", "Unknown");
Line Deleted : user_pref("CT2504091.InstalledDate", "Fri Apr 16 2010 22:27:11 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.IsGrouping", false);
Line Deleted : user_pref("CT2504091.IsMulticommunity", false);
Line Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Nov 08 2012 09:51:04 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2504091.LastLogin_2.5.8.6", "Mon Apr 19 2010 21:49:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.LastLogin_3.12.2.3", "Mon Jun 04 2012 18:03:02 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Thu Aug 02 2012 14:07:30 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Fri Aug 24 2012 06:59:53 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Thu Nov 08 2012 09:51:05 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.LatestVersion", "3.15.1.0");
Line Deleted : user_pref("CT2504091.Locale", "en-us");
Line Deleted : user_pref("CT2504091.LoginCache", 4);
Line Deleted : user_pref("CT2504091.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2504091.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2504091.SearchAppState.enc", "Mw==");
Line Deleted : user_pref("CT2504091.SearchAppTracking.enc", "c2VudA==");
Line Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2504091&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
Line Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Nov 08 2012 09:51:03 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Thu Nov 08 2012 09:51:04 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Nov 08 2012 09:51:03 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.SettingsLastUpdate", "1352141592");
Line Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Apr 16 2010 22:26:57 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1265745383");
Line Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2504091.UserID", "UN87162410796945582");
Line Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.alertChannelId", "897164");
Line Deleted : user_pref("CT2504091.autoDisableScopes", 0);
Line Deleted : user_pref("CT2504091.backendstorage.cbcountry_001", "4155");
Line Deleted : user_pref("CT2504091.backendstorage.cbfirsttime", "5765642053657020313220323031322031303A30343A313620474D542B313030302028415553204561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "4D6F6E2053657020313720323031322031303A30343A313420474D542B313030302028415553204561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "6175737472616C6961");
Line Deleted : user_pref("CT2504091.backendstorage.url_history0001", "687474703A2F2F7777772E636F756E73656C6C696E677379646E65792E636F6D2E61752F72656C6174696F6E736869702D6D617272696167652D636F756E73656C6C696E673A3A3A6[...]
Line Deleted : user_pref("CT2504091.cbcountry_001", "QVU=");
Line Deleted : user_pref("CT2504091.cbfirsttime", "V2VkIFNlcCAxMiAyMDEyIDEwOjA0OjE2IEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQ==");
Line Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2504091.defaultSearch", "false");
Line Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2504091.enableAlerts", "true");
Line Deleted : user_pref("CT2504091.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2504091.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2504091.fixUrls", true);
Line Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2504091.initDone", true);
Line Deleted : user_pref("CT2504091.installId", "conduitinstallerstub.exe");
Line Deleted : user_pref("CT2504091.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT2504091.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2504091.isNewTabEnabled", true);
Line Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2504091&octid=CT2504091&SearchSource=15&CUI=UN87162410796945582&SSPV=EB_SSPV&Lay=1&UM=\[...]
Line Deleted : user_pref("CT2504091.lastVersion", "10.15.0.562");
Line Deleted : user_pref("CT2504091.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2504091.myStuffEnabled", true);
Line Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.counsellingsydney.com.au%2Ftherapist-psychologist-services\",\"EB_MAIN_FRAME_TITLE\":\"%[...]
Line Deleted : user_pref("CT2504091.openThankYouPage", "false");
Line Deleted : user_pref("CT2504091.openUninstallPage", "false");
Line Deleted : user_pref("CT2504091.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT2504091.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Line Deleted : user_pref("CT2504091.search.searchCount", "0");
Line Deleted : user_pref("CT2504091.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VuzeRemote.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364359012770");
Line Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1364359314512");
Line Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364359012797");
Line Deleted : user_pref("CT2504091.serviceLayer_services_location_lastUpdate", "1364359137265");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358290892024");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360724645246");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363129818243");
Line Deleted : user_pref("CT2504091.serviceLayer_services_login_10.15.0.562_lastUpdate", "1364359136437");
Line Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364359011415");
Line Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1364359136665");
Line Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1364359130937");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364359011177");
Line Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1364359314586");
Line Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1364359131488");
Line Deleted : user_pref("CT2504091.settingsINI", true);
Line Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2504091.showToolbarPermission", "false");
Line Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Line Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Line Deleted : user_pref("CT2504091.startPage", "false");
Line Deleted : user_pref("CT2504091.testingCtid", "");
Line Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Thu Nov 08 2012 09:51:04 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.toolbarBornServerTime", "16-4-2010");
Line Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "27-3-2013");
Line Deleted : user_pref("CT2504091.toolbarDisabled", "true");
Line Deleted : user_pref("CT2504091.toolbarLoginClientTime", "Sun Mar 17 2013 21:56:16 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2504091.url_history0001.enc", "aHR0cDovL3d3dy5jb3Vuc2VsbGluZ3N5ZG5leS5jb20uYXUvOjo6Y2xpY2toYW5kbGVyOjo6MTM0NzQzMjkzNjg4MywsLGh0dHA6Ly93d3cuY291bnNlbGxpbmdzeWRuZXkuY29tLmF1L2NvbW1vbi1jb25j[...]
Line Deleted : user_pref("CT2504091.usagesFlag", 2);
Line Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364359004947,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"b8e52b484895bd5e9c9174d1489ee6603\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", "\"1294264391\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1326306883\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "vxk6t0OzPvFXpMAKGwRvzg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "poKjTfHs0NrVUIalKI8jyg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"80b45d28468cd1:1501\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2405280/CT2405280", "\"1295971971\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f7bd4408766b271f9992443417d05260\"");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2405280");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-eng7");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 28 2011 09:47:31 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed May 25 2011 04:47:08 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jul 02 2011 11:45:09 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "38dc2ccc-6c37-47c2-a2ab-405bc7b76e82");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "c63a4109-c266-41d0-b206-3be593a1bbc5");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Wed May 25 2011 04:47:09 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 28 2011 21:28:36 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "01/26/2011 10");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Jan 26 2011 18:21:37 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 28 2011 21:28:32 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Jan 26 2011 18:21:13 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 29 2011 16:15:08 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 29 2011 16:15:08 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN65502116934321403");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-GB");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 28 2011 21:28:32 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Mar 31 2011 10:30:16 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Adwords,Alerts,Analytics,Apps,Calendar,Mail,Mail - Gmail this,Maps,Reader,Search-based keyword tool,Wave,Web Search,Webmaster-Tools,Website Optimize[...]
Line Deleted : user_pref("extensions.enabledItems", "{22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1,{7c6d11c6-41b5-11dc-8314-0800200c9a66}:1.0.3,{5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.6,{CAFEEFAC-0016-0000-0017-A[...]
Line Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Line Deleted : user_pref("smartbar.machineId", "727S+J4U9H1PRSF5VRANLTFBFGGDXDH7CZN2VEF0R/Y7WAXZAYKORGNBZV9N6+UZ1PCDOP808HI7ZGQHKZSUQQ");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Saskia & Katia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [35672 octets] - [08/10/2013 17:22:35]
AdwCleaner[S0].txt - [35011 octets] - [08/10/2013 17:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35072 octets] ##########

***************
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by danHP on 08/10/2013 at 17:33:25.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5BE145AB-2487-4178-B2AC-9A07B752430A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB982671-7501-40BF-89C0-460D76A2A63C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5BE145AB-2487-4178-B2AC-9A07B752430A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\danHP\appdata\local\filetypeassistant"



~~~ FireFox

Successfully deleted the following from C:\Users\danHP\AppData\Roaming\mozilla\firefox\profiles\wgtq8na8.default\prefs.js

user_pref("extensions.seoquake.baidu-mode", 1);
user_pref("extensions.seoquake.params.0.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97
user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/
Emptied folder: C:\Users\danHP\AppData\Roaming\mozilla\firefox\profiles\wgtq8na8.default\minidumps [39 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/10/2013 at 17:36:21.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 10/8/2013 5:39:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\danHP\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.61% Memory free
5.93 Gb Paging File | 3.63 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.92 Gb Total Space | 190.03 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive D: | 11.65 Gb Total Space | 0.86 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: DANHP-PC | User Name: danHP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 17:12:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\danHP\Downloads\OTL.exe
PRC - [2013/10/04 09:20:24 | 029,767,928 | ---- | M] (Dropbox, Inc.) -- C:\Users\danHP\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/09/13 19:30:18 | 000,470,816 | ---- | M] (Glarysoft Ltd) -- C:\Program Files\Glary Utilities 3\Integrator.exe
PRC - [2013/09/12 19:31:23 | 012,614,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/09/12 19:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/12 19:22:33 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/08/20 23:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcfgex.exe
PRC - [2013/08/02 11:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/23 10:08:38 | 001,089,888 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/07/12 15:09:16 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/06/24 21:03:51 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2012/11/23 13:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/15 17:53:24 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/16 18:23:30 | 006,638,080 | ---- | M] () -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
PRC - [2010/06/09 16:15:34 | 000,417,906 | ---- | M] () -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2009/11/10 05:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/07/03 08:16:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/03 08:15:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009/01/15 16:19:08 | 000,462,848 | ---- | M] () -- C:\Program Files\Generic\Network Printer Wizard\NPWService.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/04 09:09:00 | 003,558,400 | ---- | M] () -- C:\Users\danHP\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/09/30 23:25:02 | 000,842,240 | ---- | M] () -- C:\Program Files\Link-AssistantCom\Rank Tracker\libs\mozswing\xulrunner\js3250.dll
MOD - [2013/09/30 23:25:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Link-AssistantCom\Rank Tracker\libs\ICE_JNIRegistry.dll
MOD - [2013/09/13 19:31:50 | 000,080,160 | ---- | M] () -- C:\Program Files\Glary Utilities 3\zlib1.dll
MOD - [2013/08/16 10:43:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/16 10:22:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/16 10:22:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/16 10:22:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/19 09:00:41 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/14 07:48:52 | 024,978,944 | ---- | M] () -- C:\Users\danHP\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/09/08 14:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 14:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2010/11/22 01:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/20 17:34:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 00:17:20 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/12 19:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/27 15:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/12 18:00:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/15 17:53:24 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/07/16 18:23:30 | 006,638,080 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/03/10 03:00:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/11/10 05:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/03 08:15:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/15 16:19:08 | 000,462,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Generic\Network Printer Wizard\NPWService.exe -- (NPWService)


BRONI PART 2 FOLLOWS - CHARACTER LIMITE EXCEEDED
 
PART 2


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\danHP\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2013/09/13 19:32:36 | 000,011,552 | ---- | M] (Glarysoft Ltd) [Kernel | On_Demand | Running] -- C:\Program Files\Glary Utilities 3\ProcObsrv.sys -- (ProcObsrv)
DRV - [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2012/08/24 01:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/24 01:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/13 19:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 19:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/02/14 14:26:46 | 000,085,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/02/14 14:26:46 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/02/14 14:26:46 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/02/14 14:26:42 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2011/02/14 14:26:30 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/02/14 14:26:20 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/11/20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/09 23:16:06 | 000,267,208 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010/03/27 15:14:04 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/06 08:31:42 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/01/13 17:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/11/03 04:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/11/03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/10/26 18:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/07/24 03:51:46 | 004,232,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/07/21 14:39:00 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/14 11:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 09:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/03 08:50:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/30 05:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/30 03:59:00 | 000,101,392 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/06/29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/06/29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/06/03 12:28:18 | 000,171,776 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenHC.sys -- (EST_Server)
DRV - [2009/05/27 14:19:38 | 000,027,008 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenBus.sys -- (EST_BusEnum)
DRV - [2009/04/30 02:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/04/07 12:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{34B9E3DF-C697-4761-89BD-63110A43F3D7}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: en-AU%40dictionaries.addons.mozilla.org:2.1.2
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.46
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.7
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: toolbar%40seomoz.org:2.61
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.12.0.13601
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/02 20:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/07/12 15:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 00:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 00:17:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 00:17:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 00:17:14 | 000,000,000 | ---D | M]

[2012/02/15 13:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Extensions
[2012/02/15 13:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/01/03 16:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/10/08 17:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions
[2012/08/16 11:46:35 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013/08/25 11:19:55 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2013/09/14 11:24:31 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/09/27 10:14:28 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2012/08/17 11:10:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/05/16 15:36:27 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2010/08/03 22:55:26 | 000,000,000 | ---D | M] (GA?) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}
[2013/06/15 23:09:36 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/08/16 11:46:39 | 000,000,000 | ---D | M] (English (Australian) Dictionary) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2013/08/26 11:21:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\foxyproxy@eric.h.jung
[2012/08/16 11:46:06 | 000,075,731 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\bettergcal@ginatrapani.org.xpi
[2013/10/05 14:26:22 | 002,209,401 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\firebug@software.joehewitt.com.xpi
[2013/08/31 11:21:43 | 001,314,979 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\firefox@ghostery.com.xpi
[2013/02/04 18:07:18 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\restartless.restart@erikvold.com.xpi
[2013/07/27 21:50:56 | 000,698,216 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\toolbar@seomoz.org.xpi
[2013/08/29 11:21:41 | 001,250,536 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\treestyletab@piro.sakura.ne.jp.xpi
[2013/08/18 19:13:24 | 000,590,000 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\uriloader@pdf.js.xpi
[2013/08/13 19:06:52 | 002,083,238 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\wisestamp@wisestamp.com.xpi
[2013/08/14 19:13:19 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/08/16 11:46:18 | 000,112,720 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}.xpi
[2013/06/19 18:02:15 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2013/09/27 14:24:12 | 000,850,224 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2011/10/19 17:55:51 | 000,372,140 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/08/16 11:45:55 | 000,166,004 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.xpi
[2013/06/19 18:02:15 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/03/01 14:02:20 | 000,120,189 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi
[2013/07/27 21:50:56 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/08/17 11:10:46 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/06/15 23:09:19 | 000,150,349 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013/04/19 16:05:30 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\danHP\AppData\Roaming\Mozilla\Firefox\Profiles\wgtq8na8.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/09/19 00:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/01 17:56:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 17:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 17:57:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/19 00:17:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/02 20:53:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Skype Click to Call = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
CHR - Extension: Gmail = C:\Users\danHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2013/10/08 09:09:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Rank Tracker] C:\Program Files\Link-AssistantCom\Rank Tracker\bin\ranktracker.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\danHP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Generic\Network Printer Wizard\NPWprint.dll (Elite Silicon Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF}: NameServer = 220.233.0.4,220.233.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862D6F09-91E4-44E8-B47A-59959EF5E70D}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88DBCDF7-D6F7-422A-B366-36DF524B9D05}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 17:33:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/08 17:22:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/08 10:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom
[2013/10/08 10:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Link-AssistantCom
[2013/10/08 09:09:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/08 09:06:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/07 16:54:22 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Roaming\AVG2014
[2013/10/07 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/07 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/07 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Local\Avg2014
[2013/10/07 16:15:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/07 16:15:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/07 16:15:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/07 16:02:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/07 16:00:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 11:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/04 11:00:44 | 000,000,000 | ---D | C] -- C:\Users\danHP\Desktop\mbar
[2013/10/04 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\danHP\Desktop\RK_Quarantine
[2013/10/01 19:36:18 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Roaming\DiskDefrag
[2013/09/27 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/09/27 10:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/09/27 10:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2013/09/26 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Roaming\Leadertech
[2013/09/26 13:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/09/26 13:30:52 | 000,101,664 | ---- | C] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
[2013/09/26 13:30:48 | 000,000,000 | ---D | C] -- C:\Users\danHP\AppData\Roaming\GlarySoft
[2013/09/26 13:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3
[2013/09/26 13:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 3
[2013/09/20 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/09/19 00:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/10 22:11:44 | 000,022,840 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/09 09:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/09/08 22:12:16 | 000,027,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

========== Files - Modified Within 30 Days ==========

[2013/10/08 17:38:50 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 17:38:50 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/08 17:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 17:36:45 | 000,678,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/08 17:36:45 | 000,129,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/08 17:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/08 17:31:54 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/10/08 17:30:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 17:30:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 17:30:20 | 2390,114,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/08 17:22:09 | 000,554,143 | ---- | M] () -- C:\Users\danHP\.ranktracker.properties
[2013/10/08 11:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack HP to Netwok Drive.job
[2013/10/08 10:06:40 | 000,002,260 | ---- | M] () -- C:\Users\danHP\Desktop\Rank Tracker.lnk
[2013/10/08 09:09:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/07 16:53:50 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/07 16:30:19 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordanHP.job
[2013/10/04 17:28:32 | 000,002,270 | -H-- | M] () -- C:\Users\danHP\Documents\Default.rdp
[2013/10/04 16:29:41 | 000,000,204 | ---- | M] () -- C:\Windows\MYOBP.INI
[2013/10/04 16:29:35 | 000,000,043 | ---- | M] () -- C:\Windows\MYOB.INI
[2013/10/04 12:55:26 | 000,001,049 | ---- | M] () -- C:\Users\danHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/29 21:46:17 | 000,001,794 | ---- | M] () -- C:\Users\danHP\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/09/27 10:17:20 | 000,000,989 | ---- | M] () -- C:\Users\danHP\Desktop\WinDirStat.lnk
[2013/09/26 13:30:52 | 000,001,062 | ---- | M] () -- C:\Users\danHP\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/09/26 13:30:52 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/09/26 13:19:44 | 000,001,990 | ---- | M] () -- C:\Users\danHP\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/24 09:39:26 | 001,814,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/13 19:32:14 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- C:\Windows\System32\BootDefrag.exe
[2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys

========== Files Created - No Company Name ==========

[2013/10/08 10:06:40 | 000,002,260 | ---- | C] () -- C:\Users\danHP\Desktop\Rank Tracker.lnk
[2013/10/07 16:53:50 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/07 16:15:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/07 16:15:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/07 16:15:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/07 16:15:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/07 16:15:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/27 10:17:20 | 000,000,989 | ---- | C] () -- C:\Users\danHP\Desktop\WinDirStat.lnk
[2013/09/26 13:30:52 | 000,001,062 | ---- | C] () -- C:\Users\danHP\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/09/26 13:30:52 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 3.lnk
[2013/09/26 13:30:48 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 3.job
[2013/09/26 13:30:46 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 3.lnk
[2013/08/22 10:59:26 | 000,007,608 | ---- | C] () -- C:\Users\danHP\AppData\Local\Resmon.ResmonCfg
[2013/04/20 09:56:20 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2013/04/20 09:56:20 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013/04/20 09:56:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2013/02/20 11:06:00 | 000,000,132 | ---- | C] () -- C:\Users\danHP\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/02 14:14:14 | 000,000,600 | ---- | C] () -- C:\Users\danHP\AppData\Local\PUTTY.RND
[2012/10/10 12:41:24 | 000,001,456 | ---- | C] () -- C:\Users\danHP\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/09/25 11:52:08 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2012/07/30 16:34:23 | 000,000,513 | ---- | C] () -- C:\Windows\OPAWTMP.DAT
[2012/03/02 15:25:28 | 000,000,043 | ---- | C] () -- C:\Windows\MYOB.INI
[2012/03/02 15:25:27 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2012/03/02 15:18:27 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2011/11/18 09:15:44 | 000,000,102 | ---- | C] () -- C:\Windows\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}.ini
[2011/03/10 10:34:07 | 000,000,632 | RHS- | C] () -- C:\Users\danHP\ntuser.pol
[2011/02/14 14:22:58 | 000,222,142 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/01/09 08:30:04 | 000,001,849 | ---- | C] () -- C:\Users\danHP\AppData\Roaming\GhostObjGAFix.xml
[2010/11/09 22:22:06 | 000,789,498 | ---- | C] () -- C:\Users\danHP\AppData\Local\tmpDSCN0070.0
[2010/11/09 22:22:06 | 000,227,630 | ---- | C] () -- C:\Users\danHP\AppData\Local\tmpDSCN0070.JPG
[2010/07/25 19:29:32 | 000,887,008 | ---- | C] () -- C:\Users\danHP\AppData\Local\tmpPHOTO 1 (2).JPG
[2010/07/02 16:17:44 | 000,619,599 | ---- | C] () -- C:\Users\danHP\.spyglass.properties
[2010/04/14 12:55:29 | 000,072,080 | ---- | C] () -- C:\Users\danHP\g2mdlhlpx.exe
[2010/03/12 19:23:26 | 000,005,632 | ---- | C] () -- C:\Users\danHP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 16:24:43 | 000,554,143 | ---- | C] () -- C:\Users\danHP\.ranktracker.properties

========== ZeroAccess Check ==========

[2009/07/14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/10 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\AMS
[2013/10/07 16:54:22 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\AVG2014
[2013/10/06 09:31:01 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Azureus
[2010/05/25 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Canon
[2013/10/01 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\DiskDefrag
[2013/10/08 17:39:32 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Dropbox
[2012/11/01 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\FileZilla
[2013/09/26 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\GlarySoft
[2010/12/17 11:21:47 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\GoodSync
[2012/12/24 11:18:19 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\ImgBurn
[2012/11/01 12:04:47 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\IObit
[2010/12/14 14:33:04 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\iResolveIT
[2013/09/26 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Leadertech
[2013/09/09 10:58:50 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\MediaMonkey
[2010/01/31 19:52:22 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Motorola
[2012/12/25 09:02:35 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Mp3tag
[2012/11/18 20:09:28 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Nico Mak Computing
[2012/11/28 15:39:42 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Notepad++
[2011/01/21 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\OffiSync
[2012/07/30 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\OkiData
[2010/05/16 15:36:26 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\OpenOffice.org
[2011/01/22 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Raptr
[2013/07/12 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\RoboForm
[2011/03/16 19:17:27 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Smartsoft (Australia) Pty Ltd
[2013/03/22 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\TeamViewer
[2012/10/16 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\TuneUp Software
[2012/11/01 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\uTorrent
[2011/11/18 09:23:40 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\Vodafone
[2010/01/03 15:06:11 | 000,000,000 | ---D | M] -- C:\Users\danHP\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >
 
OTL Extras logfile created on: 10/8/2013 5:39:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\danHP\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.61% Memory free
5.93 Gb Paging File | 3.63 Gb Available in Paging File | 61.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.92 Gb Total Space | 190.03 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive D: | 11.65 Gb Total Space | 0.86 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: DANHP-PC | User Name: danHP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A28BA8A-AD90-44E3-8104-F87E16E7ECCE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0B39BA3D-436A-4654-B850-30CF1D8B351B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0E011780-70C0-474A-A51F-935C417D2E67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14E4D853-6323-4E28-B42C-E4125E62F48E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{160E7DA4-D1B1-47FE-BC0D-162A1E1E3C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F5B8AF6-EA8D-4AF8-92A0-85DBAE25DF49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20CDB8DD-FCC1-4065-AFB6-D5FEDC170DF7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{25C9C1CE-64FD-4318-9407-758259796B6B}" = rport=138 | protocol=17 | dir=out | app=system |
"{273CB0C9-D806-4364-B595-B11BCC8063A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28BEC177-0C9A-43F0-9F4C-3FE9DC75AF77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35594F4E-82F9-4675-BDD1-DA6E3B240A47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{385DC5E8-1779-47A8-8FED-C438B344BF5D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3E9DAA40-2CD1-49C0-A340-E1D1469ABAB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40F3553A-D6A2-4519-A522-6E289E860B5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{418258C4-169A-4ED4-9676-CBE02D62E961}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{51F79D56-1ABC-45B4-B4DC-03A44695EB15}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5362AAFC-4821-4F8F-9ADE-8110524208F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5ACE45EC-78F3-46E3-910D-5EAF8ACFD42E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D1DF0E4-7194-44DC-BA01-44010E2942F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DED564A-B901-4F2B-BC47-448CF44FC2AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5FF32F06-F05A-4314-84BF-399C16E85E5E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D006659-6EE1-4125-B039-1F2B54BE3267}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{76B5057D-E228-420F-A3A0-1947A2657837}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{796F6058-83A9-410B-89DB-DE79F0C865ED}" = lport=1433 | protocol=6 | dir=in | name=sql server |
"{7B929482-D174-49A1-B364-942C8A28327E}" = rport=137 | protocol=17 | dir=out | app=system |
"{86D51971-4C21-4ED1-BEE9-066F7307314C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{871CD26A-4842-4E8D-9883-619892F71BBF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{87530DB8-942F-4F34-9495-DDF4231F2FBB}" = lport=1433 | protocol=6 | dir=in | name=sql server |
"{93CE67AB-9128-4D34-8CB4-22BCA5FCB623}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{948663AA-8822-4A56-909B-2E64959A3625}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99BC0C80-505C-43E9-848D-EE350B02B717}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A092CCE4-F688-4A41-84D2-419A0D764673}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A757945D-BBF7-4486-A35E-5B775E00FF5E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B1570AB7-1C46-4C10-8C8E-646D7694BE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8091822-5BC3-403B-B434-B725746D8F77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B95D785B-57DA-4ECF-B68A-A8357C707E3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBE460B8-4159-48A8-984E-D1C3CFFD64A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6B479E4-592F-43E6-AEB9-39C867C423EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC6E8724-291F-47FE-B751-85E1BD5629F6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CDDD8208-99E5-4DDD-8661-05D0D3EA4BA7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CF70E3BA-A1A2-4510-A9CA-78A04B934348}" = lport=137 | protocol=17 | dir=in | app=system |
"{D185708B-D033-4D04-9CC1-FC63E6D8C24A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E108B0AD-FF33-41D0-8B1B-402F883B5F0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E73C8DE4-C01A-4D43-99F2-0248659F8BC0}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7F06F37-11EF-45F8-BDDA-8C2B04B5BD3E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC49D925-D42E-4025-BE17-DE1B0E1213F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED0130C1-1FF7-4032-BB67-8CE12F996BB0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF570552-34BE-435F-93A7-82881F270309}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F76D8E4B-F3B6-4BA9-9EA1-9BDE2EFD7DD2}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A99B20-0D35-4DC2-86A6-62850548DE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0476BF08-2052-43D3-9DC8-E3B8E44AC386}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{06632149-7341-4C7F-A187-B9F9F84788DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0B9E3D6F-D288-4AE6-AB0D-27503FBF5278}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0D2615CF-A159-4465-9F68-A4092F568534}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{18EFDD6E-85E6-41CE-A2F0-3DAB8325070A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{1B3E1D60-55F0-4DF7-90AE-8F0688247E72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1ED11AEF-7BC9-4F81-9AB4-9DA402CAF174}" = protocol=6 | dir=in | app=c:\program files\front desk 2000\fdmessenger.exe |
"{21F4EB16-11E5-4518-8F46-8910B6BB7074}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{22D54262-78D8-4F34-978F-7DB43CFCCEFD}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{22E88CE6-0C61-4753-A5D7-28D7B544C687}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{2353FBD9-53DE-45B8-974B-4A89F8A90B3D}" = protocol=6 | dir=out | app=system |
"{26568010-AEFE-48EA-9EB0-3B80C5DECF31}" = protocol=17 | dir=in | app=c:\btguard\utorrent.exe |
"{26CE3FC5-F3F4-4450-9949-61BA8900F062}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{281AECE7-31FD-4AD0-813A-03F3CC03C8B1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{296C86BC-6199-4BBB-A9D3-06638FC856C6}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{29AF97F0-EABD-486D-82BC-4F13396E398F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{29B308EC-F177-415B-93BD-1F19E76F793C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A089306-3C29-41C1-8351-1F492846C64F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2F989CBA-47EC-47A2-9297-FFBBB939EE55}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{30B90332-8077-4501-ACA3-A365AF97CBC4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{31F77AF6-4739-49B1-821D-BA3228EF1A0C}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{33724DB7-13AA-4E5D-9304-1056E7059694}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{346CF9E0-C640-446A-95C6-9DDEB2FB8606}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3549BB26-306A-467F-8997-D85C8DF25443}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{3801933C-07DD-4A9A-BA14-FF3002A832A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{385893BA-9C81-4CE9-9291-893F84CC10DE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B783A4C-E1CC-40AA-898C-E9A918FECE5A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3B943AF8-0457-43F4-A9BB-A13CD9ED7690}" = dir=in | app=c:\program files\hewlett-packard\media\live tv\qpservice.exe |
"{3C2C0D05-FB9E-474A-A276-8489C3BB1208}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FD9CE8A-51E1-442B-8FFC-B828D770E143}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{40290F09-1472-4CD0-A095-47336B7D09E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4130B59E-FBCC-4D76-AEA8-8F11683BF2DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{433F3CB1-99F3-4EC7-B496-52B997B24975}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{47EBF1D7-6023-4861-BCAF-B9CB3D794B23}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{48897045-C737-460B-853C-DF8FA7955E6A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{4969B77B-BBCE-41FB-A0EE-ED7625A3EC55}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{4A25FBB2-5C58-4DA0-8354-B7D260129F3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C923B74-137E-43C9-B8D5-06604D348B87}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4E5DAEF8-2ED8-4A8E-841D-8E61426A0C37}" = protocol=17 | dir=in | app=c:\program files\front desk 2000\fdmessenger.exe |
"{51813A68-2260-4E31-8290-EAEDAFB75DBA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{5182F1D2-B36A-4C55-B6B5-7BAD31D2DB5A}" = dir=in | app=c:\program files\hewlett-packard\media\live tv\qp.exe |
"{526C9384-2A1A-4829-9FA7-B4447C5CB4F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{552D6A82-4E26-4F75-BBDB-2F32117F65AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D6B6B74-6955-4E0E-8FEC-F15207D4F034}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{60093002-53F2-4885-B9CA-97A8513D25D6}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{604615F7-BF59-400E-A451-184B5B0E6850}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{61B11E94-F49C-4CD6-925E-2FFF1E4C09EC}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{648DC6AE-E99B-4D3C-AA56-71D923CA6BC7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6809795E-85A7-4407-A047-313C8B26AE75}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{68CE32C7-13E4-4D94-AD75-95E9A49B9F2A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6BC0C8CB-3EBF-47DF-8EA5-BE2B6297C7EA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{6EC653B7-92B9-48E2-9477-26E686B7041E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{716C569E-C93A-47F1-9F06-5476F27B5412}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{742CAE12-61FF-4F57-9335-CC2CA0353479}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{74C892FF-14EF-4437-BA24-6954DA5115F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75AA7A83-7C62-412C-8F73-BD5C906B4C4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78A85B57-F932-4972-BEF3-DB68E29C5CAC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7C9BE0B7-E8AE-4C09-BF4E-C817117C8D78}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{87D656CF-8179-4943-BEF7-74A9CF6C8BE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A1C7633-474F-4EB2-8E3A-2371A7FBF3DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A294A13-28F2-414E-A1C6-1C097214BAFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{8A298268-C2F5-4C8A-B02C-06560BAD6450}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{8AC2D43B-1715-46AF-BB48-B187F3CD11F4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe |
"{8B7AF3CA-8439-492F-A812-C939C0BC2218}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{8F5C8ADC-8EA4-4AC0-B422-FA884B2D5A99}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{90B6446F-AE2B-44B5-8949-DE951FF11DD1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9290B402-6DBF-42FA-9F73-C077BABC8405}" = protocol=6 | dir=in | app=c:\program files\front desk 2000\fdmessenger.exe |
"{939CF4EA-8BF9-48F9-B04C-453DC5D24ED7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{94C324C9-5619-4DB9-B70C-4004B7CB9C52}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{989CB47B-9A23-4180-8EF4-5CAA478802F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98D6C040-7551-4771-87EB-F1A417C8AECB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9AEBA74F-85D9-48CC-A12E-23B263145ED9}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{9F77C83D-131C-49E6-9D29-E1DC287B9547}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9FA7F033-CCAB-4675-90BC-00B9734F12AD}" = protocol=17 | dir=in | app=c:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe |
"{A4055950-4985-4C16-AE35-5225D84CD4B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{A512DED2-A6EA-4C68-B247-8846672AC9E3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{A552F7AB-BE62-4FCC-93C5-5E3B78DB89B4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A9D95503-6074-4335-B63C-C7430ECCD6A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AC8332AE-C421-4FBD-B80C-D939D221282A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{AFA7A960-2BD3-4282-A05C-811E7458DC88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B309EF9A-A6CC-424A-B052-307D3859FC6A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B3E27463-C6A9-4099-B658-334F8B6B2C3F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B95D32B8-F2FB-4D2D-92F2-53DA565DD339}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{B9B01DDA-C6B3-4D39-B8C3-0E50574CCE65}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{BAEDF415-C1E1-48AE-ACFF-2967608F5EB6}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{BD9BEAF3-2263-4767-A77C-9CC13EB24B50}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{C08F9380-2E61-4CD8-9FA8-0EE5262A853D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{C0A8FC32-C37C-4DC1-961E-8D11DE3A4150}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C0D1CDD2-5056-40EA-B150-B7431F7605A3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{C161FBB4-8856-48FC-940D-E674589DE8EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C31E0E53-BA98-4FDA-849C-B7A8262C6F60}" = protocol=6 | dir=in | app=c:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe |
"{C3D8F9BA-F1D2-471C-8176-233FE0D894D5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{C57BAF06-FCEB-4A9C-A06B-6DC4F4121B4D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{C6790573-10B8-410B-9074-3166A928BA5D}" = protocol=6 | dir=in | app=c:\btguard\utorrent.exe |
"{CBFE455D-9C16-4770-848C-92D3E4DDC6C8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{CF6100AA-1D43-4A68-9B0C-4B29009B55B8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{D34EDFDB-70CC-4D62-AA40-6D21E3EA2EC6}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{D3D18A95-B0F3-47B7-AA17-F4A54304F7BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D70D8D77-5B5B-46B6-A60C-7643ECA2B26D}" = protocol=17 | dir=in | app=c:\program files\front desk 2000\fdmessenger.exe |
"{D75E0BF5-3ED5-46FB-AD22-9E5CFC322F72}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D83BEAA8-B6E4-49AE-B04A-784BD7D2732D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DD51C685-BCD2-4ED9-8AB0-6B3EED986CE2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{DE697CEB-2230-4DB6-AF31-4EDCE95B1D8D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\samsung pc share manager.exe |
"{E0D3A4D9-848D-4346-AB98-E1202414F0AE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E41B3023-4AC4-49AF-9098-2434B79886BC}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{E5D81531-0490-48B3-A88C-281D6DFADC35}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E8456313-098F-4828-A5E8-76878BA22FC4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{E91F9ECE-E328-4AA7-9E05-0F369CF8E0BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E932DDD0-2B60-4D97-898F-B72E1AD73ED0}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{E9F2EC94-8490-4504-9E0B-AFA124339851}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{EA6A17F8-0BE8-4FFE-864E-9ED44470EF5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED465A3D-8F0D-47DC-88FB-2853B9212F3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F058ACCE-1AA6-48BB-B114-DC3A21B8A496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1A33634-CF79-4A32-B85D-92DAD648966D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{F29EC479-BFF6-44D6-B501-B3B58F4D7764}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F42EF900-FC9E-4406-926B-ACBCB211AA18}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{F6596657-3336-4EB2-B8DD-C80A533824E6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{FABC06B2-1BEC-4756-A906-E0417EB6E69B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE852E0E-DBB9-4179-BBF2-77AEC7BF401E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"TCP Query User{27EF1AEB-6AA6-458C-9A2C-82DE5509C4E4}C:\program files\belkin\router setup and monitor\dlnaplugin.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\dlnaplugin.exe |
"TCP Query User{70140D03-688C-4FE5-8222-DE44348C629F}C:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{9260C8F7-2E49-4801-9B73-0752D5F11040}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{9523A875-2330-4A31-8558-9F16E6200606}C:\program files\belkin\router setup and monitor\qosplugin.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\qosplugin.exe |
"TCP Query User{B4757352-83E8-4E78-B9B0-DD26FA8F39B7}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{D0D87A2D-C2FA-46BB-B08E-5E4A432C57DA}C:\program files\belkin\router setup and monitor\qosplugin.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\qosplugin.exe |
"TCP Query User{E1743D5F-CF1A-4CB9-AA08-C4B0424B67B7}C:\program files\belkin\router setup and monitor\dlnaplugin.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\dlnaplugin.exe |
"TCP Query User{F63BF88C-9044-4CFA-BE7D-C7EE61BCB6E9}C:\program files\usb server\networking usb server\networking usb server.exe" = protocol=6 | dir=in | app=c:\program files\usb server\networking usb server\networking usb server.exe |
"UDP Query User{07BE7450-EFF7-4CD2-ADB4-E91C139F4E88}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{1571B06D-1D36-4169-8CF3-41844F715261}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"UDP Query User{15A9B938-4CE3-4215-92EB-22524F5B95A1}C:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danhp\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{26F54CFD-5397-43B8-ADED-15B6A6269DDA}C:\program files\usb server\networking usb server\networking usb server.exe" = protocol=17 | dir=in | app=c:\program files\usb server\networking usb server\networking usb server.exe |
"UDP Query User{2F9176FA-9299-4C0E-8911-A997DAAB617C}C:\program files\belkin\router setup and monitor\qosplugin.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\qosplugin.exe |
"UDP Query User{3BB2A866-89AA-476D-8C0F-4A55EA7DAE5E}C:\program files\belkin\router setup and monitor\qosplugin.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\qosplugin.exe |
"UDP Query User{81F858B3-9870-46AB-A357-B1B07A7114E3}C:\program files\belkin\router setup and monitor\dlnaplugin.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\dlnaplugin.exe |
"UDP Query User{C284B93F-0B9B-4878-A004-F95900E2AB71}C:\program files\belkin\router setup and monitor\dlnaplugin.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\dlnaplugin.exe |

BRONI ********** PART 2 FOLLOWS
 
PART 2

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01738803-6F1B-4596-9B11-7870917029A4}" = Google AdWords Editor
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12F3BB85-62FB-476D-AAB9-9AB94AF864D4}" = Network Printer Wizard
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27B0C2FD-9739-8D7D-6552-307C786D9097}" = Catalyst Control Center InstallProxy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294E33BF-1952-44BD-A961-B7138306BFE0}" = MYOB Accounting v15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (FRONT_DESK)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{38022B5C-0C69-389F-DA48-B87480B5705A}" = CCC Help Turkish
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BBBF379-6C7E-0985-18F6-6C60D6C36EC6}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2F56AC-C043-C84F-3EF1-E6D6F21E934F}" = Catalyst Control Center Graphics Full Existing
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F2C2E34-5A3E-0E70-BDFC-A5B1E3C2FFAC}" = Catalyst Control Center Graphics Light
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{532715CE-CFD6-E4F8-53C3-2F1DE31C04DA}" = CCC Help Hungarian
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{558CC8A3-F1A2-9C31-7B90-F61E476B8622}" = CCC Help Dutch
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{56295F11-6C22-4D7C-AC14-0AA2B40A9BBE}" = ScannerDriver
"{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5D76ABD5-262B-6D65-6C13-F38175C7A5AF}" = CCC Help Korean
"{5D92E608-E454-0C8C-D577-7F7C06151117}" = CCC Help Greek
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76D0B7D8-6683-4D54-A108-046A5E542F0B}" = SoftStylus
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{79EECA21-CDFA-6012-5E8B-6CF2623D647A}" = Catalyst Control Center Graphics Full New
"{7BE6BC10-6737-CD9D-8363-F919B8D6D917}" = Catalyst Control Center Core Implementation
"{7BEF3442-262D-4316-9367-8D6AED374A4D}" = Networking USB Server
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80FBA7A7-ABD1-4910-A916-023075C45593}" = CCC Help Danish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8797DE34-22BC-CA33-6B67-A0CC2765B545}" = CCC Help German
"{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89D1C17B-90DE-650A-073A-A7FA7BC6ECE5}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8C4EAC-9AB7-45FA-9480-5716FD261033}" = Nero 7 Essentials
"{8C664716-FD23-9902-A29E-863D056F46FC}" = CCC Help Russian
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F36B221-F483-B7CE-4DDA-7BDA4D81E306}" = CCC Help English
"{8FB16749-1235-D027-AF25-1D22A9FEC0D5}" = CCC Help Thai
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A3A4DE-656A-5C7A-5B61-75FB6D167A6A}" = CCC Help Polish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EDB805A-E11C-8842-2393-FDFDA17963AC}" = CCC Help Chinese Traditional
"{A16D1BBD-BE86-0183-4152-2E85FECC31F7}" = CCC Help Finnish
"{A19856E3-C9D7-988E-5B8C-70C87342B8DD}" = Catalyst Control Center Localization All
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}" = Evernote v. 4.6.7
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.7 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AD777154-A573-4FCA-C730-D7C33437262C}" = CCC Help Czech
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B66D2CC9-652D-EBE5-497F-74BBC1029FB4}" = CCC Help Japanese
"{B6A4D07E-725F-07CD-DE49-8AB76939631D}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF930A5D-4F36-5158-C8DA-DECD5B51A78E}" = CCC Help Chinese Standard
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6CE2447-877A-49C7-8273-9185C3873F79}" = AVG 2014
"{C6FCE95C-0072-40C0-9AB2-3EF88DA6CED9}" = Catalyst Control Center Graphics Previews Common
"{C8068791-C409-4D51-8461-E3CA111561DF}" = Front Desk 2010
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF166A93-835F-DF13-E974-FD73E8D7F4F6}" = CCC Help Swedish
"{E09F7D2B-C1C1-D80B-7775-6FFE9D713C60}" = CCC Help Spanish
"{E1F85CCE-735F-4CD2-B5AA-1F471AA6AF11}" = AVG 2014
"{E26EEBF8-3A50-8095-5877-AE243C8852EF}" = Catalyst Control Center Graphics Previews Vista
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC8049FF-B0E3-A963-408C-1B1D8F20DD55}" = CCC Help Italian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3FB99DB-FF0E-DECE-E497-37336243544B}" = ccc-utility
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
"{FD1D88FA-E5E0-BA76-73C8-7362E9703842}" = ccc-core-static
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-9-0-0 (All Users)
"AVG" = AVG 2014
"AVI To MP4 Converter_is1" = AVI To MP4 Converter 1.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BelkinDailyDj" = Belkin Daily DJ
"BelkinLabeler" = Belkin Music Labeler
"Bit Boost_is1" = Bit Boost
"BitZipper_is1" = BitZipper 2013
"CamStudio" = CamStudio
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Glary Utilities 3" = Glary Utilities 3.9.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{12F3BB85-62FB-476D-AAB9-9AB94AF864D4}" = Network Printer Wizard
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{294E33BF-1952-44BD-A961-B7138306BFE0}" = MYOB Accounting v15
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{56295F11-6C22-4D7C-AC14-0AA2B40A9BBE}" = OKI MC351/361/561 Scanner
"InstallShield_{7BEF3442-262D-4316-9367-8D6AED374A4D}" = Networking USB Server
"InstallShield_{882A5640-C55C-4542-B96D-9223AC7C7141}" = MYOB AccountRight Standard v19.1
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.53
"Music Mover_is1" = Music Mover
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"Picasa 3" = Picasa 3
"RealMedia" = RealMedia (remove only)
"Screaming Frog SEO Spider" = Screaming Frog SEO Spider
"seopowersuite" = Rank Tracker
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"ULTIMATER" = Microsoft Office Ultimate 2007
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.52
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BTGuard 2.4" = BTGuard 2.4
"Dropbox" = Dropbox
"Dulux MyColour4" = Dulux MyColour4
"GoToMeeting" = GoToMeeting 4.5.0.456
"oDVT" = oDesk Team
"pdfsam" = pdfsam
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:54 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 6/19/2012 7:42:53 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Object
reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: HP.SupportFramework.Communicator

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3039 Ram Utilization: 60 TargetSite: Void closeConnection()

Error - 11/24/2012 7:00:06 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/24/2012 7:00:06 PM | Computer Name = danHP-PC | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.232|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.257|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.272|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.286|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.300|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.315|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.330|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

Error - 11/26/2012 1:17:41 AM | Computer Name = danHP-PC | Source = CaslSmBios | ID = 5
Description = 2012/11/26 16:17:41.343|0000588C|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE

[ OSession Events ]
Error - 1/27/2010 12:16:05 PM | Computer Name = danHP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 401404
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 11/28/2011 8:41:07 PM | Computer Name = danHP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 232
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2012 7:28:18 PM | Computer Name = danHP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 151990
seconds with 5760 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/8/2013 2:39:24 AM | Computer Name = danHP-PC | Source = DCOM | ID = 10010
Description =


< End of report >


PHEW!!
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\danHP\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Thanks again Broni. OTL Log after fix here.

All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\danHP\AppData\Local\Temp\catchme.sys not found.
Service BootDefragDriver stopped successfully!
Service BootDefragDriver deleted successfully!
File System32\drivers\BootDefragDriver.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip Image\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip selection\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip this page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip URL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10092013_152155

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
CHECK UP RESULTS

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Registry Cleaner 7.52
JavaFX 2.1.1
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.66
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 13-09-2013
Ran by danHP (administrator) on 09-10-2013 at 15:48:32
Running from "C:\Users\danHP\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 13:39] - [2013-07-06 16:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 13:39] - [2013-07-09 15:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-12 09:17] - [2013-05-27 15:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
RE ESET SCANNER - the default option was 'remove threats' - I unchecked this and selected SCAN only.

Results coming soon.
 
Sorry Broni - one other thing. I was running a bit torrent annonymiser (proxy?) called Bt Guard - https://btguard.com/. I was just testing it and noticed it is not working. It may not have been working before. But I plan to reinstal it later after we finish. Just mentioning it in case it is relevant. Thanks

ESET still scanning.
 
Thank you for your donation :)

redtarget.gif
Uninstall Wise Registry Cleaner.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

redtarget.gif
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back