# AdwCleaner v4.101 - Report created 15/11/2014 at 03:31:49
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Avalon - DENOFINIQUITY
# Running from : C:\Documents and Settings\Avalon\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Util Framed Display
[#] Service Deleted : Update Framed Display
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Framed Display
Folder Deleted : C:\Documents and Settings\Avalon\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Avalon\My Documents\Aimersoft Video Converter Ultimate
File Deleted : C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41F19F7E-A640-4C34-BCFD-12FADF52473B}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Framed Display
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
[mydm192n.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");
[mydm192n.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");
[mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutC[...]
[mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1Czu[...]
[mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[mydm192n.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtBtBtDyBtCyCtB0FyBtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1C[...]
*************************
AdwCleaner[R0].txt - [13856 octets] - [29/09/2014 22:07:08]
AdwCleaner[R1].txt - [326 octets] - [15/11/2014 03:21:45]
AdwCleaner[R2].txt - [3291 octets] - [15/11/2014 03:23:27]
AdwCleaner[S0].txt - [14240 octets] - [29/09/2014 22:12:45]
AdwCleaner[S1].txt - [3331 octets] - [15/11/2014 03:31:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3391 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Microsoft Windows XP x86
Ran by Avalon on Sat 11/15/2014 at 3:39:01.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\005"
~~~ FireFox
Successfully deleted the following from C:\Documents and Settings\Avalon\Application Data\mozilla\firefox\profiles\mydm192n.default\prefs.js
user_pref("extensions.BlockSite.blacklist", "safesear.ch/?type=20140925-125-ff-sr");
user_pref("extensions.xkit7.extension_go_to_dash", "{\"script\":\"//* TITLE Go-To-Dash **//\\r\\n//* VERSION 1.0 REV F **//\\r\\n//* DESCRIPTION View a post on a blog on your
user_pref("extensions.xkit7.extension_one_click_postage", "{\"script\":\"//* TITLE One-Click Postage **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you easily
user_pref("extensions.xkit7.extension_one_click_reply", "{\"script\":\"//* TITLE One-Click Reply **//\\r\\n//* VERSION 1.9 REV F **//\\r\\n//* DESCRIPTION Lets you reply to no
user_pref("extensions.xkit7.extension_tweaks", "{\"script\":\"//* TITLE Tweaks **//\\r\\n//* VERSION 2.8 REV D **//\\r\\n//* DESCRIPTION Various little tweaks for your dashboa
user_pref("extensions.xkit7.extension_xkit_patches", "{\"script\":\"//* TITLE XKit Patches **//\\r\\n//* VERSION 2.4 REV C **//\\r\\n//* DESCRIPTION Patches framework **//\\r\
user_pref("extensions.xkit7.extension_xkit_preferences", "{\"script\":\"//* TITLE XKit Preferences **//\\r\\n//* VERSION 3.1 REV H **//\\r\\n//* DESCRIPTION Lets you customize
Emptied folder: C:\Documents and Settings\Avalon\Application Data\mozilla\firefox\profiles\mydm192n.default\minidumps [3 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 3:44:23.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by Avalon (administrator) on DENOFINIQUITY on 15-11-2014 03:46:42
Running from C:\Documents and Settings\Avalon\Desktop
Loaded Profile: Avalon (Available profiles: Avalon)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
() C:\DOCUME~1\Avalon\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Cerulean Studios) C:\Program Files\Trillian\trillian.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-02-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [cdloader] => C:\Documents and Settings\Avalon\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [MediaFire Tray] => [X]
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [394616 2014-03-30] (BitTorrent, Inc.)
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [466648 2012-09-21] ()
Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\MEGAsync.lnk
ShortcutTarget: MEGAsync.lnk -> C:\Documents and Settings\All Users\Application Data\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
Startup: C:\Documents and Settings\Avalon\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_002c0.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_002c0.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_002c0.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_002c0.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_002c0.dll (TODO: <Company name>)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKCU - DefaultScope {41F19F7E-A640-4C34-BCFD-12FADF52473B} URL =
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin:
yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: Ant Video Downloader - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\anttoolbar@ant(2).com [2014-04-08]
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
artur.dubovoy@gmail.com [2014-11-12]
FF Extension: FoxyProxy Standard - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
foxyproxy-basic@eric.h.jung [2014-09-09]
FF Extension: NetVideoHunter - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
netvideohunter@netvideohunter.com [2014-07-30]
FF Extension: Remove It Permanently - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-11-09]
FF Extension: No Name - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2013-12-21]
FF Extension: Flashblock - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-12-19]
FF Extension: DownloadHelper - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Flash and Video Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-13]
FF Extension: Block site - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-02-22]
FF Extension: 1 Click Image Download - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
1clickImageDownloadOverlay@final.ca.xpi [2014-01-02]
FF Extension: 4shared Desktop Plugin - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\4sharedCopyLinks.xpi [2013-03-14]
FF Extension: MEGA - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
firefox@mega.co.nz.xpi [2014-10-24]
FF Extension: Google search link fix - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-01-02]
FF Extension: Memory Restart - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
memoryrestart@teamextension.com.xpi [2014-02-22]
FF Extension: Restartless Restart - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
restartless.restart@erikvold.com.xpi [2014-02-22]
FF Extension: Thumbnail Zoom Plus - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\
thumbnailZoom@dadler.github.com.xpi [2014-01-02]
FF Extension: FlashGot - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-02]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Documents and Settings\Avalon\Application Data\Mozilla\Firefox\Profiles\mydm192n.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2163064 2012-07-27] (Condusiv Technologies)
R2 MF NTFS Monitor; C:\Documents and Settings\Avalon\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [457944 2014-02-11] ()
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [112936 2009-07-15] (Wacom Technology, Corp.)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices) [File not signed]
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 DaShenAudio_simple; C:\WINDOWS\System32\drivers\DaShenAudio.sys [29656 2014-02-27] (DaShen Development Team)
S3 DbusAudio; C:\WINDOWS\System32\drivers\DbusAudio.sys [23608 2012-01-24] (Windows (R) Win 7 DDK provider)
S3 DbusVideo; C:\WINDOWS\System32\DRIVERS\DbusVideo.sys [5688 2012-01-24] (Windows (R) Win 7 DDK provider)
R0 DKDFM; C:\WINDOWS\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\WINDOWS\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\WINDOWS\System32\drivers\DKTLFSMF.sys [85328 2012-07-09] (Condusiv Technologies)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [18200 2013-02-25] ()
R2 mfmonitor; C:\WINDOWS\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-12-06] (Windows (R) Win 7 DDK provider)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2009-07-17] (NVIDIA Corporation) [File not signed]
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2012-01-04] (AnchorFree Inc)
R3 WsAudio_Device(1); C:\WINDOWS\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\WINDOWS\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\WINDOWS\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\WINDOWS\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\WINDOWS\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
R3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
R3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
R3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
R3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\DOCUME~1\Avalon\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14848 2009-07-16] (Microsoft Corporation)
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-07-16] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 VSS; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 03:46 - 2014-11-15 03:47 - 00018532 _____ () C:\Documents and Settings\Avalon\Desktop\FRST.txt
2014-11-15 03:46 - 2014-11-15 03:46 - 00000000 ____D () C:\FRST
2014-11-15 03:44 - 2014-11-15 03:44 - 00002089 _____ () C:\Documents and Settings\Avalon\Desktop\JRT.txt
2014-11-15 03:38 - 2014-11-08 08:06 - 01706808 _____ (Thisisu) C:\Documents and Settings\Avalon\Desktop\JRT_NEW.exe
2014-11-15 03:37 - 2014-11-15 03:45 - 00005574 _____ () C:\Documents and Settings\Avalon\Desktop\for post.txt
2014-11-15 03:37 - 2014-11-15 03:37 - 00000000 ___SH () C:\DkHyperbootSync
2014-11-14 23:29 - 2014-11-14 23:29 - 02140160 _____ () C:\Documents and Settings\Avalon\Desktop\AdwCleaner.exe
2014-11-14 23:28 - 2014-11-14 23:28 - 01108480 _____ (Farbar) C:\Documents and Settings\Avalon\Desktop\FRST.exe
2014-11-14 19:23 - 2014-11-15 03:47 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\temp
2014-11-14 19:23 - 2014-11-14 19:23 - 00021211 _____ () C:\ComboFix.txt
2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\shawn\Local Settings\temp
2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-11-14 19:23 - 2014-11-14 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-14 17:51 - 2014-11-14 17:51 - 00000000 _RSHD () C:\cmdcons
2014-11-14 04:29 - 2014-11-14 04:29 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-14 04:29 - 2014-11-14 04:29 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-11-14 03:59 - 2014-11-14 03:59 - 00000437 _____ () C:\Boot.bak
2014-11-14 03:59 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-11-14 03:55 - 2013-01-17 13:40 - 473148250 _____ () C:\Documents and Settings\Avalon\Desktop\Pitch Perfect.mp4
2014-11-14 03:54 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-14 03:54 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-14 03:54 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-14 03:54 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-14 03:44 - 2014-11-14 03:47 - 00000000 ____D () C:\AVG_Remover
2014-11-14 03:11 - 2014-11-14 19:23 - 00000000 ____D () C:\Qoobox
2014-11-14 03:10 - 2014-11-14 18:03 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-13 14:00 - 2014-11-13 14:00 - 00000000 _____ () C:\Documents and Settings\Avalon\Desktop\New Bitmap Image (2).bmp
2014-11-13 12:53 - 2014-11-13 12:54 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\books
2014-11-13 11:42 - 2014-11-14 17:46 - 05598504 ____R (Swearware) C:\Documents and Settings\Avalon\Desktop\ComboFix.exe
2014-11-13 01:16 - 2014-11-13 02:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-13 01:15 - 2014-11-13 08:01 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\mbar
2014-11-13 00:59 - 2014-11-13 00:59 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-13 00:58 - 2014-11-13 00:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-12 20:45 - 2014-11-14 23:29 - 00001748 _____ () C:\Documents and Settings\Avalon\Desktop\antivirus instructions.txt
2014-11-11 20:23 - 2014-11-13 01:16 - 00115928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 20:21 - 2014-11-11 20:21 - 00000781 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 20:21 - 2014-11-11 20:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 20:20 - 2014-11-13 01:16 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-11 20:20 - 2014-11-11 20:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-11 07:41 - 2014-11-11 07:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-10 04:48 - 2014-11-10 04:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini111014-01.dmp
2014-11-10 04:08 - 2014-11-10 04:08 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2014-11-10 02:02 - 2014-11-10 02:40 - 517531287 _____ () C:\Documents and Settings\Avalon\Desktop\Kuiba Movie 2 (魁拔2之大战元泱界).rmvb
2014-11-10 01:54 - 2014-11-11 03:27 - 1052176497 _____ () C:\Documents and Settings\Avalon\Desktop\[EMTP-Raws][KUIBA][BDrip][x264_FLACx2_AC3][Hi10P].mkv
2014-11-10 01:51 - 2014-11-10 02:01 - 222576640 _____ () C:\Documents and Settings\Avalon\Desktop\[JustBLThings-aarinfantasy] Hybrid Child OVA 1 [5E53E27E].avi
2014-11-10 00:05 - 2014-11-14 04:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-11-10 00:03 - 2014-11-10 00:03 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-11-10 00:03 - 2014-11-10 00:03 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2014-11-09 23:55 - 2014-11-14 03:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\COMODO
2014-11-09 23:55 - 2014-11-14 03:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
2014-11-09 23:49 - 2014-11-14 04:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
2014-11-09 23:38 - 2014-11-09 23:46 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2014-11-09 14:49 - 2014-11-09 14:49 - 00008516 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:49 - 2014-11-09 14:49 - 00004198 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:49 - 2014-11-09 14:49 - 00000268 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:31 - 2014-11-09 14:31 - 00008516 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:31 - 2014-11-09 14:31 - 00004198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:31 - 2014-11-09 14:31 - 00000268 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-11-09 14:29 - 2014-11-09 14:29 - 00008516 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:29 - 2014-11-09 14:29 - 00004198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:29 - 2014-11-09 14:29 - 00000268 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-11-09 13:46 - 2014-11-09 13:57 - 00000160 ____H () C:\Documents and Settings\All Users\Application Data\@system3.att
2014-11-09 13:46 - 2014-11-09 13:56 - 00000424 _____ () C:\Documents and Settings\All Users\Application Data\@system.temp
2014-11-09 13:46 - 2014-11-09 13:46 - 00000448 ____H () C:\Documents and Settings\Avalon\Application Data\麽鎒駓覜
2014-11-09 13:45 - 2014-11-09 22:17 - 00000000 ____D () C:\0da1ecf
2014-11-09 02:11 - 2014-11-09 02:25 - 00001434 _____ () C:\Documents and Settings\Avalon\Desktop\New Text Document (2).txt
2014-11-09 01:48 - 2014-11-11 03:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-08 22:43 - 2014-11-08 22:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
2014-11-08 22:43 - 2014-11-08 22:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2014-11-08 22:36 - 2014-11-08 22:36 - 00000351 _____ () C:\WINDOWS\nsw.log
2014-11-07 00:30 - 2014-11-07 00:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\(2014.05.21) Soredemo Sekai wa Utsukushii Original Soundtrack
2014-11-07 00:25 - 2014-11-07 00:29 - 206067298 _____ () C:\Documents and Settings\Avalon\Desktop\(2014.05.21) Soredemo Sekai wa Utsukushii Original Soundtrack.zip
2014-11-05 12:29 - 2014-11-07 03:46 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Deathtrap - Christopher Reeve Crime Eng 720p [H264-mp4]
2014-11-03 04:42 - 2014-11-03 04:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-03 04:41 - 2014-11-03 04:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2014-11-02 21:41 - 2014-11-02 21:42 - 01340762 _____ () C:\Documents and Settings\Avalon\Desktop\leave2.bmp
2014-11-02 21:40 - 2014-11-02 21:40 - 01461510 _____ () C:\Documents and Settings\Avalon\Desktop\leave1.bmp
2014-11-02 21:33 - 2014-11-02 22:57 - 00000902 _____ () C:\Documents and Settings\Avalon\Desktop\plan.txt
2014-11-02 21:27 - 2014-11-02 21:27 - 01698502 _____ () C:\Documents and Settings\Avalon\Desktop\sch.bmp
2014-11-02 01:47 - 2014-11-02 01:47 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Legend.Tom.Cruise.1985.DivX.DVDRip(Fantasy Adventure - Ridley Scott)
2014-11-01 14:50 - 2014-11-09 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ecbaef90-5696-41e1-a1c3-3e8112ce2840
2014-11-01 12:48 - 2014-11-01 12:48 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\IsolatedStorage
2014-10-29 11:55 - 2014-10-30 20:17 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Dr Hook
2014-10-27 10:12 - 2014-10-29 20:35 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Mc Frontalot Discography
2014-10-27 10:04 - 2014-10-30 09:33 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Mandrake the Magician
2014-10-26 08:41 - 2014-10-26 08:41 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\Condusiv_Technologies
2014-10-26 08:41 - 2014-10-26 08:41 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Condusiv_Technologies
2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Program Files\Windows Home Server
2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Program Files\Common Files\Diskeeper Corporation
2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Condusiv Technologies
2014-10-26 04:55 - 2014-10-26 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Condusiv Technologies
2014-10-26 04:55 - 2012-07-09 13:54 - 00085328 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKTLFSMF.sys
2014-10-26 04:55 - 2012-06-18 18:14 - 00044496 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKRtWrt.sys
2014-10-26 04:55 - 2012-04-05 01:32 - 00035120 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKDFM.sys
2014-10-26 04:44 - 2014-10-26 04:56 - 00000000 ____D () C:\Program Files\Diskeeper Setup Files
2014-10-26 04:25 - 2014-10-26 04:25 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-03.dmp
2014-10-26 04:24 - 2014-10-26 04:23 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-02.dmp
2014-10-26 04:21 - 2014-10-26 04:20 - 00081920 _____ () C:\WINDOWS\Minidump\Mini102614-01.dmp
2014-10-26 03:48 - 2014-10-26 03:49 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\movies to get these are NOT complete
2014-10-23 17:32 - 2014-10-23 17:32 - 00009976 _____ () C:\Documents and Settings\Avalon\Desktop\files.txt
2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-10-20 21:19 - 2014-10-20 21:19 - 00018335 _____ () C:\Documents and Settings\Avalon\Desktop\wipthing.html
2014-10-20 21:17 - 2014-10-20 21:17 - 00018335 _____ () C:\Documents and Settings\Avalon\Desktop\wip.html.txt
2014-10-19 18:16 - 2014-10-28 00:03 - 00051004 _____ () C:\Documents and Settings\Avalon\Desktop\submariner.txt
2014-10-17 17:05 - 2014-10-19 10:56 - 00000119 _____ () C:\Documents and Settings\Avalon\Desktop\sttng eps.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-15 03:47 - 2011-01-04 08:58 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB6836BA-3D20-4754-828A-DE9B7DB54941}.job
2014-11-15 03:39 - 2010-04-02 06:17 - 00603262 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 03:37 - 2013-12-20 00:53 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\uTorrent
2014-11-15 03:37 - 2010-04-02 11:37 - 01768087 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-15 03:36 - 2014-06-16 22:35 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\WTablet
2014-11-15 03:36 - 2010-01-11 21:17 - 00271490 _____ () C:\WINDOWS\system32\NvApps.xml
2014-11-15 03:36 - 2003-03-31 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-15 03:35 - 2010-04-02 06:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-15 03:35 - 2010-04-02 06:19 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-15 03:34 - 2010-04-02 12:03 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-15 03:32 - 2010-04-02 12:03 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-15 03:31 - 2014-09-29 22:06 - 00000000 ____D () C:\AdwCleaner
2014-11-15 03:23 - 2013-12-20 09:21 - 00000000 ____D () C:\Program Files\Trillian
2014-11-15 03:13 - 2013-12-20 14:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-14 18:03 - 2003-03-31 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-14 17:51 - 2010-04-02 06:14 - 00000437 __RSH () C:\boot.ini
2014-11-14 06:01 - 2013-12-29 04:07 - 00000485 _____ () C:\Documents and Settings\Avalon\.webaom
2014-11-14 04:30 - 2010-04-02 06:15 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-11-14 04:30 - 2010-04-02 06:15 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-11-14 04:30 - 2010-04-02 06:14 - 25690112 _____ () C:\WINDOWS\system32\config\software.bak
2014-11-14 04:30 - 2010-04-02 06:14 - 09175040 _____ () C:\WINDOWS\system32\config\system.bak
2014-11-14 04:30 - 2010-04-02 06:14 - 01048576 _____ () C:\WINDOWS\system32\config\default.bak
2014-11-14 03:33 - 2014-06-27 00:44 - 00000000 ____D () C:\Program Files\EaseUS
2014-11-13 12:53 - 2013-12-19 23:55 - 00181760 _____ () C:\Documents and Settings\Avalon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 11:27 - 2014-01-05 23:04 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-13 08:52 - 2014-09-30 03:01 - 00000999 _____ () C:\Documents and Settings\Avalon\Desktop\magicJack.lnk
2014-11-13 08:12 - 2013-12-22 02:52 - 00001021 _____ () C:\Documents and Settings\Avalon\Start Menu\Programs\magicJack.lnk
2014-11-13 08:12 - 2013-12-22 02:51 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\mjusbsp
2014-11-12 13:13 - 2013-12-20 14:10 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 13:13 - 2013-12-20 14:10 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-11 22:12 - 2014-04-19 02:34 - 00000000 ___HD () C:\WINDOWS\PIF
2014-11-11 21:49 - 2012-11-22 19:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-11-11 20:46 - 2014-01-03 20:59 - 00000000 ____D () C:\Program Files\Multi Password Recovery
2014-11-11 20:21 - 2012-11-22 19:00 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Malwarebytes
2014-11-10 00:11 - 2014-08-23 20:04 - 00019063 _____ () C:\WINDOWS\setupapi.log
2014-11-09 22:19 - 2010-04-02 06:13 - 00000000 ____D () C:\WINDOWS\twain_32
2014-11-09 14:49 - 2013-12-20 09:22 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Trillian
2014-11-09 14:42 - 2014-03-05 12:59 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Skype
2014-11-09 14:41 - 2014-05-25 02:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\ooVoo Details
2014-11-09 14:41 - 2014-02-23 22:32 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Replay Media Catcher 5
2014-11-09 14:41 - 2011-05-25 13:13 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Mozilla
2014-11-09 14:33 - 2014-01-06 00:52 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\mIRC
2014-11-09 14:32 - 2014-03-06 14:39 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\avidemux
2014-11-09 14:31 - 2014-06-11 23:49 - 00000000 ____D () C:\Documents and Settings\Avalon\.FBReader
2014-11-09 14:31 - 2014-02-16 00:20 - 00000000 ___HD () C:\Documents and Settings\Avalon\.mediafire
2014-11-09 14:31 - 2013-12-20 21:06 - 00000000 ____D () C:\Documents and Settings\Avalon\.yawcam
2014-11-09 14:31 - 2011-05-25 13:30 - 00000000 ____D () C:\Documents and Settings\Avalon\Application Data\Adobe
2014-11-09 14:31 - 2010-04-02 11:37 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-11-09 14:29 - 2014-09-25 18:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Npackd
2014-11-09 14:29 - 2014-01-14 03:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Recisio
2014-11-09 14:29 - 2011-02-21 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MAGIX
2014-11-09 14:01 - 2014-09-01 11:25 - 00000000 ___SD () C:\Documents and Settings\Administrator
2014-11-09 14:01 - 2014-07-31 02:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-11-09 14:01 - 2013-12-20 21:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogiShrd
2014-11-08 22:37 - 2014-02-24 02:45 - 01434700 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-1004336348-1801674531-1007-0.dat
2014-11-08 22:37 - 2014-02-24 02:45 - 00764510 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-11-08 19:57 - 2014-10-14 01:01 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\Cover Images
2014-11-07 14:20 - 2014-01-06 00:52 - 00000000 ____D () C:\Program Files\mIRC
2014-11-07 01:20 - 2014-09-15 03:12 - 00000000 ____D () C:\Documents and Settings\Avalon\My Documents\ebooks
2014-11-03 04:41 - 2014-08-10 14:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-03 04:41 - 2010-04-02 12:02 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-11-03 04:41 - 2010-04-02 12:01 - 00000000 ____D () C:\Program Files\Java
2014-11-02 21:16 - 2014-10-06 15:13 - 01552038 _____ () C:\Documents and Settings\Avalon\Desktop\New Bitmap Image.bmp
2014-11-01 17:12 - 2014-02-24 02:45 - 02150608 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-11-01 14:22 - 2014-09-29 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
2014-11-01 14:20 - 2003-03-31 07:00 - 00000609 _____ () C:\WINDOWS\win.ini
2014-10-27 18:50 - 2014-09-23 10:21 - 00000000 ___RD () C:\Documents and Settings\Avalon\My Documents\MEGA
2014-10-26 17:00 - 2010-08-31 14:21 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-26 04:55 - 2014-07-25 16:43 - 00000000 ____D () C:\Program Files\Condusiv Technologies
2014-10-26 04:55 - 2010-04-02 06:13 - 00000000 ____D () C:\WINDOWS\Help
2014-10-26 04:25 - 2014-04-08 21:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-26 00:08 - 2010-04-02 11:33 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-24 23:35 - 2014-09-23 10:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MEGAsync
2014-10-24 16:23 - 2014-10-03 19:33 - 00000000 ____D () C:\Documents and Settings\Avalon\Desktop\New Folder (3)
2014-10-20 12:33 - 2014-09-23 06:47 - 00000624 _____ () C:\Documents and Settings\Avalon\Desktop\mega share account info.txt
2014-10-20 11:39 - 2014-08-26 22:38 - 00000000 ____D () C:\Documents and Settings\Avalon\Local Settings\Application Data\Adobe
Some content of TEMP:
====================
C:\Documents and Settings\Avalon\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Avalon\Local Settings\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== End Of Log ============================
. I downloaded and installed the Comodo AV program as well.
