Solved Various BSoD and crashing issues

NasuButt

NasuButt

Posts: 11   +0
Hi! As the title says, I am having a couple BSoD issues [No specific error included] and other crashing issues as well as a couple issues with some programs I use.
Here are my logs:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Josh :: FAG-PC [administrator]

1/14/2013 5:48:41 PM
mbam-log-2013-01-14 (17-48-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232607
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\FAG\AppData\Local\temp\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\FAG\AppData\Local\temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\FAG\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)
_________________________________________________
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Josh at 18:13:02 on 2013-01-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1920 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\josh\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\2627F636B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\6657C6D65627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\7516E6E616027716473686 : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\ep0qw4jw.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBFPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexon\ngm\npnxgame.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - ExtSQL: 2012-12-26 20:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-25 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-25 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-25 242240]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-1-21 22312]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-25 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-25 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-6 44768]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2012-12-24 526208]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2011-11-27 8704]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-5-13 13232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-12-24 11680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-26 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-26 52224]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-12-24 69024]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-12-24 13728]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-10 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-1-25 133944]
.
=============== Created Last 30 ================
.
2013-01-14 22:47:25--------d-----w-c:\users\josh\appdata\roaming\Malwarebytes
2013-01-14 22:46:29--------d-----w-c:\users\josh\appdata\local\Programs
2013-01-14 21:24:46--------d-----w-c:\users\josh\appdata\local\SecondLife
2013-01-14 21:23:55--------d-----w-c:\program files\SecondLifeViewer2
2013-01-14 06:08:07--------d-----w-c:\users\josh\appdata\roaming\Auslogics
2013-01-14 06:05:19--------d-----w-c:\program files\Portable
2013-01-14 02:52:09--------d-----w-c:\program files\Auslogics
2013-01-14 02:26:43--------d-----w-c:\program files\ESET
2013-01-13 22:24:08--------d-----w-c:\users\josh\appdata\roaming\enchant
2013-01-13 22:17:32--------d-----w-c:\users\josh\AbiSuite
2013-01-13 22:15:17--------d-----w-c:\program files\AbiWord
2013-01-13 05:08:46--------d-----w-c:\users\josh\appdata\roaming\DAEMON Tools Lite
2013-01-09 04:25:292345984----a-w-c:\windows\system32\win32k.sys
2013-01-09 04:25:051389568----a-w-c:\windows\system32\msxml6.dll
2013-01-09 04:24:53293376----a-w-c:\windows\system32\KernelBase.dll
2013-01-09 04:24:51271360----a-w-c:\windows\system32\conhost.exe
2013-01-09 04:24:51169984----a-w-c:\windows\system32\winsrv.dll
2013-01-09 04:24:18492032----a-w-c:\windows\system32\win32spl.dll
2013-01-09 04:24:15626688----a-w-c:\windows\system32\usp10.dll
2013-01-09 04:24:11220160----a-w-c:\windows\system32\ncrypt.dll
2013-01-09 04:24:0949152----a-w-c:\windows\system32\taskhost.exe
2013-01-09 02:25:50--------d-----w-c:\program files\common files\Steam
2013-01-09 02:25:46--------d-----w-c:\program files\Steam
2013-01-08 23:28:02--------d-----w-c:\program files\Super Meat Boy
2013-01-08 18:03:28--------d-----w-c:\users\josh\appdata\local\SKIDROW
2013-01-08 17:57:10452440----a-w-c:\windows\system32\d3dx10_40.dll
2013-01-08 17:57:102036576----a-w-c:\windows\system32\D3DCompiler_40.dll
2013-01-08 17:57:094379984----a-w-c:\windows\system32\D3DX9_40.dll
2013-01-08 14:52:16--------d-----w-c:\users\josh\.swt
2013-01-08 09:38:10--------d-----w-c:\users\josh\appdata\roaming\SUPERAntiSpyware.com
2013-01-08 09:37:42--------d-----w-c:\programdata\SUPERAntiSpyware.com
2013-01-08 09:37:42--------d-----w-c:\program files\SUPERAntiSpyware
2013-01-08 09:23:27--------d-----w-c:\users\josh\appdata\roaming\BitTorrent
2013-01-05 15:21:46--------d-----w-c:\users\josh\appdata\local\CyberLink
2013-01-05 15:21:05--------d-----w-c:\users\josh\appdata\local\CrashRpt
2013-01-05 15:20:45--------d-----w-c:\users\josh\appdata\local\Producer
2013-01-05 15:20:45--------d-----w-c:\program files\Livestream for Producers
2013-01-05 15:09:00--------d-----w-c:\users\josh\appdata\roaming\Livestream
2013-01-05 13:42:44--------d-----w-c:\users\josh\appdata\roaming\fltk.org
2013-01-05 13:42:44--------d-----w-c:\programdata\fltk.org
2013-01-05 13:32:27--------d-----w-c:\program files\Amnesia - The Dark Descent
2013-01-05 12:56:10--------d-----w-c:\program files\uTorrent
2013-01-05 12:55:17--------d-----w-c:\users\josh\appdata\roaming\uTorrent
2013-01-05 05:39:03--------d-----r-c:\users\josh\Dropbox
2013-01-05 05:36:20--------d-----w-c:\users\josh\appdata\roaming\Dropbox
2012-12-25 18:41:05295424----a-w-c:\windows\system32\atmfd.dll
2012-12-25 18:41:0434304----a-w-c:\windows\system32\atmlib.dll
2012-12-25 18:27:04--------d-----w-c:\users\josh\appdata\local\Apple Computer
2012-12-25 02:09:24--------d-----r-c:\program files\Skype
2012-12-24 21:47:09--------d-----w-c:\users\josh\appdata\roaming\SYSTEMAX Software Development
2012-12-24 21:40:54--------d-----w-c:\users\josh\appdata\roaming\WTablet
2012-12-24 21:40:52--------d-----w-c:\program files\TabletPlugins
2012-12-24 21:40:4869024----a-w-c:\windows\system32\drivers\wachidrouter.sys
2012-12-24 21:40:481461992----a-w-c:\windows\system32\wdfcoinstaller01009.dll
2012-12-24 21:40:4811680----a-w-c:\windows\system32\drivers\hidkmdf.sys
2012-12-24 21:40:381629056----a-w-c:\windows\system32\Pen_Tablet.dll
2012-12-24 21:40:381621888----a-w-c:\windows\system32\Pen_Touch_Tablet.dll
2012-12-24 21:40:381510272----a-w-c:\windows\system32\Wintab32.dll
2012-12-24 21:40:381506176----a-w-c:\windows\system32\WacomMT.dll
2012-12-24 21:40:36--------d-----w-c:\program files\Tablet
2012-12-24 21:31:49--------d-----w-c:\users\josh\appdata\local\join.me
2012-12-24 21:31:27--------d-----w-c:\users\josh\appdata\roaming\Wacom
2012-12-24 21:31:19--------d-----w-c:\programdata\Wacom
2012-12-24 21:30:50--------d-----w-c:\users\josh\appdata\local\Adobe
2012-12-24 21:30:38--------d-----w-c:\program files\Bamboo Dock
2012-12-24 21:24:4913728----a-w-c:\windows\system32\drivers\wacomrouterfilter.sys
2012-12-24 06:59:01--------d-----w-c:\users\josh\appdata\local\Razer
2012-12-24 02:27:32--------d-----w-c:\users\josh\appdata\local\PMB Files
2012-12-24 02:21:20--------d-----w-c:\users\josh\appdata\local\Google
2012-12-24 02:20:42--------d-----w-c:\users\josh\appdata\local\Apple
2012-12-24 02:19:25--------d-----w-c:\users\josh\appdata\local\Mozilla
2012-12-24 02:17:00--------d-----w-c:\users\josh\appdata\local\VirtualStore
2012-12-18 18:20:22376832----a-w-c:\windows\system32\dpnet.dll
2012-12-18 18:20:182048----a-w-c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2013-01-13 05:22:1856320----a-w-c:\windows\system32\vsstrace.dll
2012-12-14 21:49:2821104----a-w-c:\windows\system32\drivers\mbam.sys
2012-12-12 03:51:1973656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 03:51:19697272----a-w-c:\windows\system32\FlashPlayerApp.exe
2010-09-17 00:01:062608640----a-w-c:\program files\STEINSGATE.exe
.
============= FINISH: 18:15:12.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2010 9:50:54 PM
System Uptime: 1/14/2013 6:08:34 PM (0 hours ago)
.
Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 61.293 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP809: 1/14/2013 3:01:16 AM - Windows Update
RP811: 1/14/2013 4:24:33 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.21
AbiWord 2.8.6
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amnesia - The Dark Descent
ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Auslogics Registry Cleaner
avast! Free Antivirus
Bamboo
Bamboo Dock
Bandisoft MPEG-1 Decoder
BitTorrent
Blacklight Retribution
Bonjour
CCleaner
Conexant HD Audio
CyberLink YouCam
D3DX10
DAEMON Tools Lite
Dark Eternal- Dissolution
Derpys Lamp
DivX Setup
Dragon Nest
Dropbox
DS4 Default Content
Elsword version 1.17
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8714
Facebook Video Calling 1.2.0.287
File Shredder 2.0
Fraps (remove only)
Google Chrome
Google Update Helper
Grand Chase version 092412
HDAUDIO Soft Data Fax Modem with SmartCP
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
join.me
League of Legends
Lernout & Hauspie TruVoice American English TTS Engine
Livestream for Producers
Mabinogi
Malwarebytes Anti-Malware version 1.70.0.1100
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nexon Game Manager
NVIDIA PhysX
OGPlanet Game Launcher
ooVoo
OpenOffice.org 3.3
Pando Media Booster
Portal 2
Project64 1.6
PunkBuster Services
QuickTime
Razer Game Booster
Rumble Fighter
RuneScape Launcher 1.0.4
Rusty Hearts
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.0
Steam
StepMania v5.0 alpha 1a (remove only)
STOnline
SUPERAntiSpyware
Trickster
TuneUp Companion 2.2.7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Vindictus
Voobly Game Data
WebTablet FB Plugin 32 bit
WIDI Recognition System Pro 3.3 (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

Your MBAM log has some items marked as "No action taken".
Re-run MBAM, fix all issues and post new log.

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==========================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Done! Here are the logs

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Josh :: FAG-PC [administrator]

1/14/2013 8:22:52 PM
mbam-log-2013-01-14 (20-22-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232994
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
_________________________________________________________
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Josh [Admin rights]
Mode : Scan -- Date : 01/14/2013 20:40:33
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++
--- User ---
[MBR] a7e61161e01dd66b43b690391c613b66
[BSP] d851f77371bd19136214e8e1d4eca568 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01142013_02d2040.txt >>
RKreport[1]_S_01142013_02d2040.txt
__________________________________________________________
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Josh [Admin rights]
Mode : Remove -- Date : 01/14/2013 20:40:50
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++
--- User ---
[MBR] a7e61161e01dd66b43b690391c613b66
[BSP] d851f77371bd19136214e8e1d4eca568 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01142013_02d2040.txt >>
RKreport[1]_S_01142013_02d2040.txt ; RKreport[2]_D_01142013_02d2040.txt
____________________________________________________
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.15.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Josh :: FAG-PC [administrator]
1/14/2013 9:03:23 PM
mbar-log-2013-01-14 (21-03-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30216
Time elapsed: 21 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
c:\Users\Josh\Desktop\Other ****\Patch\32bit\amtlib.dll (PUP.RiskwareTool.CK) -> Delete on reboot.
c:\Users\Josh\Desktop\Other ****\Patch\64bit\amtlib.dll (PUP.RiskwareTool.CK) -> Delete on reboot.
c:\Users\Josh\Desktop\Other ****\SMB\NFOviewer.exe (Malware.Packer.Krunchy) -> Delete on reboot.
(end)
______________________________________________________________
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 8.0.7601.17514
Java version: 1.6.0_29
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 3211124736, free: 1803595776
------------ Kernel report ------------
01/14/2013 20:41:54
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\HpqRemHid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\netw5v32.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\sdbus.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CHDART.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio32.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\Josh\AppData\Local\Temp\mbr.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff861a4648
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xffffffff85329908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.15.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff861a4648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861a42c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861a4648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85329908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffbeb763f0, 0xffffffff861a4648, 0xffffffff88df4ac8
Lower DeviceData: 0xffffffffbef3e3e0, 0xffffffff85329908, 0xffffffff859b91d0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6E186E18
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 488187904
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758} --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]
Read File: File "c:\Users\FAG\Desktop\LeagueOfLegends\layout.bin" is sparse (flags = 32768)
Infected: c:\Users\Josh\Desktop\Other ****\Patch\32bit\amtlib.dll --> [PUP.RiskwareTool.CK]
Infected: c:\Users\Josh\Desktop\Other ****\Patch\64bit\amtlib.dll --> [PUP.RiskwareTool.CK]
Infected: c:\Users\Josh\Desktop\Other ****\SMB\NFOviewer.exe --> [Malware.Packer.Krunchy]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
When I try to run Combofix, it says I have AVG open, but I don't have AVG anymore? And I have avast's shields turned off. What should I do about this?
 
Okay, done~

ComboFix 13-01-14.01 - Josh 01/14/2013 21:49:43.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2316 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 30
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-15 03:02 . 2013-01-15 03:02--------d-----w-c:\users\Public\AppData\Local\temp
2013-01-15 03:02 . 2013-01-15 03:02--------d-----w-c:\users\FAG\AppData\Local\temp
2013-01-15 03:02 . 2013-01-15 03:02--------d-----w-c:\users\Default\AppData\Local\temp
2013-01-15 01:41 . 2013-01-15 01:41141640----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-15 01:41 . 2013-01-15 01:4131560----a-w-c:\windows\system32\drivers\mbamchameleon.sys
2013-01-14 21:23 . 2013-01-14 21:24--------d-----w-c:\program files\SecondLifeViewer2
2013-01-14 06:05 . 2013-01-14 06:05--------d-----w-c:\program files\Portable
2013-01-14 02:52 . 2013-01-14 06:06--------d-----w-c:\program files\Auslogics
2013-01-14 02:26 . 2013-01-14 02:26--------d-----w-c:\program files\ESET
2013-01-13 22:15 . 2013-01-13 22:17--------d-----w-c:\program files\AbiWord
2013-01-09 04:25 . 2012-11-23 02:562345984----a-w-c:\windows\system32\win32k.sys
2013-01-09 04:25 . 2012-11-01 04:471389568----a-w-c:\windows\system32\msxml6.dll
2013-01-09 04:24 . 2012-11-30 04:47293376----a-w-c:\windows\system32\KernelBase.dll
2013-01-09 04:24 . 2012-11-30 04:53169984----a-w-c:\windows\system32\winsrv.dll
2013-01-09 04:24 . 2012-11-30 02:55271360----a-w-c:\windows\system32\conhost.exe
2013-01-09 04:24 . 2012-11-09 04:43492032----a-w-c:\windows\system32\win32spl.dll
2013-01-09 04:24 . 2012-11-22 04:45626688----a-w-c:\windows\system32\usp10.dll
2013-01-09 04:24 . 2012-11-20 04:51220160----a-w-c:\windows\system32\ncrypt.dll
2013-01-09 04:24 . 2012-11-23 02:4849152----a-w-c:\windows\system32\taskhost.exe
2013-01-09 02:25 . 2013-01-09 12:24--------d-----w-c:\program files\Common Files\Steam
2013-01-09 02:25 . 2013-01-15 02:47--------d-----w-c:\program files\Steam
2013-01-08 23:28 . 2013-01-08 23:28--------d-----w-c:\program files\Super Meat Boy
2013-01-08 17:57 . 2008-10-15 11:22452440----a-w-c:\windows\system32\d3dx10_40.dll
2013-01-08 17:57 . 2008-10-15 11:222036576----a-w-c:\windows\system32\D3DCompiler_40.dll
2013-01-08 17:57 . 2008-10-15 11:224379984----a-w-c:\windows\system32\D3DX9_40.dll
2013-01-08 09:37 . 2013-01-08 09:38--------d-----w-c:\program files\SUPERAntiSpyware
2013-01-08 09:37 . 2013-01-08 09:37--------d-----w-c:\programdata\SUPERAntiSpyware.com
2013-01-06 18:42 . 2013-01-06 18:42--------d-----w-c:\program files\7-Zip
2013-01-05 15:20 . 2013-01-05 15:20--------d-----w-c:\program files\Livestream for Producers
2013-01-05 13:42 . 2013-01-05 13:42--------d-----w-c:\programdata\fltk.org
2013-01-05 13:32 . 2013-01-05 13:38--------d-----w-c:\program files\Amnesia - The Dark Descent
2013-01-05 12:56 . 2013-01-05 12:56--------d-----w-c:\program files\uTorrent
2012-12-30 05:24 . 2012-12-30 05:24--------d-----w-c:\program files\Microsoft Silverlight
2012-12-25 20:07 . 2012-12-25 20:07--------d-----w-c:\users\FAG\AppData\Roaming\Wacom
2012-12-25 20:07 . 2012-12-25 20:07--------d-----w-c:\users\FAG\AppData\Roaming\WTablet
2012-12-25 18:41 . 2012-12-16 14:13295424----a-w-c:\windows\system32\atmfd.dll
2012-12-25 18:41 . 2012-12-16 14:1334304----a-w-c:\windows\system32\atmlib.dll
2012-12-25 02:09 . 2012-12-25 02:09--------d-----w-c:\program files\Common Files\Skype
2012-12-25 02:09 . 2012-12-25 02:09--------d-----r-c:\program files\Skype
2012-12-24 21:40 . 2012-10-12 14:2069024----a-w-c:\windows\system32\drivers\wachidrouter.sys
2012-12-24 21:40 . 2012-10-12 14:2011680----a-w-c:\windows\system32\drivers\hidkmdf.sys
2012-12-24 21:40 . 2012-04-11 20:341461992----a-w-c:\windows\system32\wdfcoinstaller01009.dll
2012-12-24 21:40 . 2012-11-14 19:451510272----a-w-c:\windows\system32\Wintab32.dll
2012-12-24 21:40 . 2012-11-14 19:451506176----a-w-c:\windows\system32\WacomMT.dll
2012-12-24 21:40 . 2012-11-14 19:451629056----a-w-c:\windows\system32\Pen_Tablet.dll
2012-12-24 21:40 . 2012-11-14 19:451621888----a-w-c:\windows\system32\Pen_Touch_Tablet.dll
2012-12-24 21:40 . 2012-12-24 21:40--------d-----w-c:\program files\Tablet
2012-12-24 21:31 . 2012-12-24 21:31--------d-----w-c:\programdata\Wacom
2012-12-24 21:30 . 2012-12-24 21:31--------d-----w-c:\program files\Bamboo Dock
2012-12-24 21:24 . 2012-10-12 14:5413728----a-w-c:\windows\system32\drivers\wacomrouterfilter.sys
2012-12-24 03:09 . 2012-12-24 03:09--------d-----w-c:\programdata\Razer
2012-12-24 03:09 . 2012-12-24 03:09--------d-----w-c:\program files\Razer
2012-12-24 02:16 . 2013-01-13 22:17--------d-----w-c:\users\Josh
2012-12-18 18:20 . 2012-11-02 05:11376832----a-w-c:\windows\system32\dpnet.dll
2012-12-18 18:20 . 2012-11-09 04:422048----a-w-c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 05:22 . 2009-07-13 23:2356320----a-w-c:\windows\system32\vsstrace.dll
2013-01-03 06:10 . 2011-06-22 19:262876528----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-03 06:09 . 2011-06-22 19:2642776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-14 21:49 . 2011-10-25 07:0821104----a-w-c:\windows\system32\drivers\mbam.sys
2012-12-12 03:51 . 2012-08-07 21:06697272----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:51 . 2012-01-09 07:3673656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2010-09-17 00:01 . 2012-03-25 22:232608640----a-w-c:\program files\STEINSGATE.exe
2012-10-01 21:46 . 2012-08-07 21:11266720----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15123536----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-09 1354736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2012-07-10 22:53549760----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^FAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\FAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^FAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\FAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:063481408----a-w-c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:41138096----atw-c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33421776----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2012-05-29 14:3725249400----a-w-c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 16:2717877168----a-r-c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49249064----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:454763008----a-w-c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 02:16222504----a-w-c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21648072----a-w-c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-06-11 17:14162912----a-w-c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 apf003;apf003;c:\windows\system32\apf003.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioServiceREG_MULTI_SZ HsfXAudioService
WindowsMobileREG_MULTI_SZ wcescomm rapimgr
LocalServiceRestrictedREG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 11:021606760----a-w-c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:51]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 21:41]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 21:41]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:07]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:07]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ep0qw4jw.default\
FF - ExtSQL: 2012-12-26 20:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\FAG\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-Google Update - c:\users\FAG\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(204)
c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Completion time: 2013-01-14 22:05:46
ComboFix-quarantined-files.txt 2013-01-15 03:05
ComboFix2.txt 2011-12-17 03:58
ComboFix3.txt 2011-11-01 23:00
.
Pre-Run: 71,882,481,664 bytes free
Post-Run: 72,962,445,312 bytes free
.
- - End Of File - - FD5D988AAAA12F455919C76DCB753469
 
Looks good.

How is computer doing?

======================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
There haven't been any sudden crashes since we started, and the overall speed has seemed to increase. So things appear to be going well.
Here are the logs.

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 23:48:07
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Josh - FAG-PC
# Boot Mode : Normal
# Running from : C:\Users\Josh\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\searchplugins\Askcom.xml
File Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\FAG\AppData\Local\AskToolbar
Folder Deleted : C:\Users\FAG\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\FAG\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\FAG\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\FAG\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\FAG\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\FAG\AppData\LocalLow\ShopperReports3
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\Conduit
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\ConduitEngine
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\CT2405280
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\extensions\toolbar@ask.com

***** [Registry] *****

Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\prefs.js

Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2405280.CTID", "CT2405280");
Deleted : user_pref("CT2405280.CurrentServerDate", "4-10-2010");
Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Mon Oct 04 2010 16:16:10 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2405280.FeedLastCount1783261708582779529", 2222);
Deleted : user_pref("CT2405280.FeedPollDate129212394466815234", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815240", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815246", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815252", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815258", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815264", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815270", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815276", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815282", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815288", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815294", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815300", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815306", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466815312", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971568", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971574", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971580", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971586", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971592", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971598", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971604", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971610", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971616", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971622", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971628", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971634", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971640", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971646", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971652", "Tue Aug 10 2010 20:08:35 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971658", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971664", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971670", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971676", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971682", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971688", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971694", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971700", "Tue Aug 10 2010 20:08:36 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394466971706", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127962", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127968", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127974", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127980", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127986", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127992", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467127998", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128004", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128010", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128016", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128022", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128028", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128034", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129212394467128040", "Wed Aug 11 2010 16:59:37 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415092", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415098", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415104", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415110", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415116", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392415122", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571378", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571384", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571390", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571396", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571402", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571408", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571414", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571420", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571426", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571432", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571438", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392571444", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727700", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727706", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727712", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727718", "Mon Oct 04 2010 16:16:12 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727724", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727730", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727736", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727742", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727748", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727754", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727760", "Sun Oct 03 2010 20:42:59 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727766", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727772", "Mon Oct 04 2010 16:16:13 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727778", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727784", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727790", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727796", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727802", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727808", "Sun Oct 03 2010 20:43:00 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727814", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727820", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727826", "Mon Oct 04 2010 16:16:14 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727832", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727838", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727844", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727850", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727856", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727862", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727868", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727874", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727880", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727886", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727892", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedPollDate129255180392727898", "Mon Oct 04 2010 16:16:15 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2405280.FeedTTL129212394466815246", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466815258", 60);
Deleted : user_pref("CT2405280.FeedTTL129212394466815312", 60);
Deleted : user_pref("CT2405280.FeedTTL129212394466971568", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971574", 2);
Deleted : user_pref("CT2405280.FeedTTL129212394466971580", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971592", 30);
Deleted : user_pref("CT2405280.FeedTTL129212394466971598", 5);
Deleted : user_pref("CT2405280.FeedTTL129212394466971604", 5);
Deleted : user_pref("CT2405280.FeedTTL129212394466971616", 5);
Deleted : user_pref("CT2405280.FeedTTL129212394466971628", 30);
Deleted : user_pref("CT2405280.FeedTTL129212394466971634", 30);
Deleted : user_pref("CT2405280.FeedTTL129212394466971658", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971670", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971676", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971682", 15);
Deleted : user_pref("CT2405280.FeedTTL129212394466971700", 1440);
Deleted : user_pref("CT2405280.FeedTTL129212394467127980", 10);
Deleted : user_pref("CT2405280.FeedTTL129212394467127998", 5);
Deleted : user_pref("CT2405280.FeedTTL129255180392415104", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392415116", 60);
Deleted : user_pref("CT2405280.FeedTTL129255180392571420", 60);
Deleted : user_pref("CT2405280.FeedTTL129255180392571426", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392571432", 2);
Deleted : user_pref("CT2405280.FeedTTL129255180392571438", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392727700", 2);
Deleted : user_pref("CT2405280.FeedTTL129255180392727706", 5);
Deleted : user_pref("CT2405280.FeedTTL129255180392727712", 5);
Deleted : user_pref("CT2405280.FeedTTL129255180392727724", 5);
Deleted : user_pref("CT2405280.FeedTTL129255180392727736", 30);
Deleted : user_pref("CT2405280.FeedTTL129255180392727742", 30);
Deleted : user_pref("CT2405280.FeedTTL129255180392727766", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392727778", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392727784", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392727790", 15);
Deleted : user_pref("CT2405280.FeedTTL129255180392727808", 1440);
Deleted : user_pref("CT2405280.FeedTTL129255180392727838", 10);
Deleted : user_pref("CT2405280.FeedTTL129255180392727856", 5);
Deleted : user_pref("CT2405280.FirstServerDate", "2-7-2010");
Deleted : user_pref("CT2405280.FirstTime", true);
Deleted : user_pref("CT2405280.FirstTimeFF3", true);
Deleted : user_pref("CT2405280.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2405280.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2405280.Initialize", true);
Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2405280.InstalledDate", "Fri Jul 02 2010 00:08:35 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2405280.InvalidateCache", false);
Deleted : user_pref("CT2405280.IsGrouping", false);
Deleted : user_pref("CT2405280.IsMulticommunity", false);
Deleted : user_pref("CT2405280.IsOpenThankYouPage", false);
Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Sun Oct 03 2010 20:42:56 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2405280.LastLogin_2.5.8.6", "Thu Aug 19 2010 19:42:14 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2405280.LastLogin_2.7.2.0", "Mon Oct 04 2010 16:19:40 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2405280.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2405280.Locale", "en-us");
Deleted : user_pref("CT2405280.LoginCache", 4);
Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2405280.RadioIsPodcast", false);
Deleted : user_pref("CT2405280.RadioLastCheckTime", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
Deleted : user_pref("CT2405280.RadioMediaID", "20503713");
Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
Deleted : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Deleted : user_pref("CT2405280.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2405280.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Sun Oct 03 2010 20:42:56 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Mon Oct 04 2010 16:16:09 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2405280.SettingsLastUpdate", "1285675859");
Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Sun Sep 26 2010 09:06:57 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1277824096");
Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2405280.UserID", "UN16512728045131864");
Deleted : user_pref("CT2405280.ValidationData_Search", 2);
Deleted : user_pref("CT2405280.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2405280.WeatherNetwork", "");
Deleted : user_pref("CT2405280.WeatherPollDate", "Mon Oct 04 2010 16:16:11 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2405280.WeatherUnit", "C");
Deleted : user_pref("CT2405280.alertChannelId", "799768");
Deleted : user_pref("CT2405280.clientLogIsEnabled", false);
Deleted : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2405280.myStuffEnabled", true);
Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.playnow.softendo.com/platform.html", [...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 13:02:35 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jan 17 2012 07:09:40 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jan 17 2012 07:09:33 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "2f7a55e1-0dc6-4249-bf2b-075d2aac4c01");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 03 2010 20:42:56 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2405280");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jan 07 2012 15:06:53 GMT-0500 (Eastern Stan[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Sep 04 2011 11:39:06 GMT-0400 (Eastern Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "05/08/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sun May 08 2011 13:02:37 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Sep 04 2011 11:39:06 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Sep 04 2011 23:00:24 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Sep 04 2011 23:00:24 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN93588459742353653");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Sep 04 2011 11:39:06 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Sep 05 2011 03:00:24 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "BearShare Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic-Eng7 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&Sea[...]
Deleted : user_pref("browser.search.order.1", "BearShare Web Search");
Deleted : user_pref("extensions.asktb.cbid", "OE");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1300848763252");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.o", "16046");
Deleted : user_pref("extensions.asktb.options-lang", "en");
Deleted : user_pref("extensions.asktb.options-locale", "UK");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]
Deleted : user_pref("extensions.asktb.to", "16104");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1327379604);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1327379604");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1327379604");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Tue Dec 18 2012 13:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Tue Dec 25 2012 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2215706%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346972374241");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221113%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2216672%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346972373646");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){function t(b,d){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,64,72,1000014[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 19);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 94);
Deleted : user_pref("extensions.crossriderapp2258.73407340.InstallationTime", 1327383735);
Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_N[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundver", 15);
Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.value", "1327383735");
Deleted : user_pref("extensions.crossriderapp2258.73407340.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.code", "Array.prototype.inde[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.name", "GPL Plugin (Loader)"[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.code", "var _GPL_BG={vars:{}[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.name", "GPL Background (BG)"[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.code", "(function(a){a.selectedTe[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.code", "if(typeof(appAPI)===\"und[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.code", "(function(f){var u={};var[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.code", "(function(f,b){if(typeof([...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.code", "if(typeof window!==\"unde[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.code", "(function(){appAPI.ready=[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_1", "17,14,13,16,15,1000014")[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp2258.73407340.ver", 90);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "1350e3c6abc24291fc3acd5c5c627bfb");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1327383735);
Deleted : user_pref("extensions.crossriderapp2258.jsver", 3);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22597569);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22597573);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1333523914155");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1333523914152");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("extensions.enabledAddons", "crossriderapp2258@crossrider.com:0.86.92,{972ce4c6-7e08-4474-[...]

File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ep0qw4jw.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\FAG\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [47554 octets] - [14/01/2013 23:48:07]

########## EOF - C:\AdwCleaner[S1].txt - [47615 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Ultimate x86
Ran by Josh on Mon 01/14/2013 at 23:52:34.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\fixcleaner
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a69}
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bearsharewebsearch.xml"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/15/2013 at 0:00:50.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 1/15/2013 12:12:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.34% Memory free
5.98 Gb Paging File | 4.99 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 67.79 Gb Free Space | 29.12% Space Free | Partition Type: NTFS

Computer Name: FAG-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 00:11:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
PRC - [2013/01/08 21:30:52 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2013/01/08 21:26:20 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/12/28 18:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/14 14:45:30 | 000,526,208 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
PRC - [2012/11/14 14:45:28 | 007,220,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2012/11/14 14:45:28 | 004,067,200 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2012/11/14 14:45:28 | 001,640,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/14 15:11:00 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2013/01/14 15:10:05 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2013/01/14 15:09:53 | 000,969,280 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/01/14 15:09:51 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2013/01/14 15:09:49 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2013/01/14 15:09:47 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/11/14 14:45:30 | 000,963,456 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/01/08 21:30:52 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/11 22:51:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/14 14:45:30 | 000,526,208 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/01 16:46:51 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/25 06:33:37 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Disabled | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2011/11/24 12:05:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2011/11/10 01:32:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/21 17:00:00 | 004,178,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Josh\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/01/14 20:41:54 | 000,141,640 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV - [2013/01/14 20:41:53 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/11/13 21:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012/10/12 09:54:52 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2012/10/12 09:20:38 | 000,069,024 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012/10/12 09:20:38 | 000,011,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012/05/13 02:34:31 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2012/03/25 17:33:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/11 16:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/22 00:09:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2007/10/24 02:36:42 | 000,177,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4092775245-913444807-781344819-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4092775245-913444807-781344819-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4092775245-913444807-781344819-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/06 01:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/15 13:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/01 16:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/24 06:43:26 | 000,000,000 | ---D | M]

[2012/12/23 21:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2012/12/24 21:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/24 21:10:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/01 16:46:52 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/28 02:22:22 | 000,056,160 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/01 16:46:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/01 16:46:50 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: npruntime scriptable plugin for beanfun (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBFPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npnxgame.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: Google Drive = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Missing e = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\
CHR - Extension: YouTube = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Ponyhoof = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd\1.511_0\
CHR - Extension: AdBlock = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: avast! WebRep = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/16 22:48:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKU\S-1-5-21-4092775245-913444807-781344819-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4092775245-913444807-781344819-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4092775245-913444807-781344819-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092775245-913444807-781344819-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092775245-913444807-781344819-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4092775245-913444807-781344819-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/22 03:14:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 00:11:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2013/01/14 23:52:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/14 23:52:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/14 23:51:43 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Josh\Desktop\JRT.exe
[2013/01/14 22:05:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/14 22:05:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/14 21:22:10 | 005,022,074 | R--- | C] (Swearware) -- C:\Users\Josh\Desktop\ComboFix.exe
[2013/01/14 20:41:54 | 000,141,640 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/14 17:47:25 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2013/01/14 17:46:29 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Programs
[2013/01/14 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\SecondLife
[2013/01/14 16:24:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\SecondLife
[2013/01/14 16:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013/01/14 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLifeViewer2
[2013/01/14 01:08:07 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Auslogics
[2013/01/14 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
[2013/01/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Portable
[2013/01/13 21:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/01/13 21:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/01/13 21:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/13 17:24:08 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\enchant
[2013/01/13 17:19:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Office2007_ThinApp
[2013/01/13 17:17:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AbiSuite
[2013/01/13 17:17:14 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013/01/13 17:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013/01/13 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\AbiWord
[2013/01/13 00:08:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Lite
[2013/01/09 08:34:07 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\DragonNest
[2013/01/08 21:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/01/08 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/08 21:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/01/08 18:28:33 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
[2013/01/08 18:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Super Meat Boy
[2013/01/08 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Vindictus
[2013/01/08 13:03:28 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\SKIDROW
[2013/01/08 09:52:16 | 000,000,000 | ---D | C] -- C:\Users\Josh\.swt
[2013/01/08 09:27:58 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trickster Online
[2013/01/08 07:44:06 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Security & Cleaning Software
[2013/01/08 04:38:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/08 04:37:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/08 04:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/08 04:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/08 04:23:27 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\BitTorrent
[2013/01/06 13:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/01/06 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/01/05 10:21:46 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\CyberLink
[2013/01/05 10:21:05 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\CrashRpt
[2013/01/05 10:20:45 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Producer
[2013/01/05 10:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream for Producers
[2013/01/05 10:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream for Producers
[2013/01/05 10:09:00 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Livestream
[2013/01/05 08:42:44 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\fltk.org
[2013/01/05 08:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2013/01/05 08:42:40 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\Amnesia
[2013/01/05 08:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2013/01/05 08:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amnesia - The Dark Descent
[2013/01/05 07:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013/01/05 07:55:17 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2013/01/05 00:39:03 | 000,000,000 | R--D | C] -- C:\Users\Josh\Dropbox
[2013/01/05 00:37:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/01/05 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Dropbox
[2012/12/30 00:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/30 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/12/27 03:48:08 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\DivX
[2012/12/25 13:27:49 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Other ****
[2012/12/25 13:27:04 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Apple Computer
[2012/12/24 21:09:35 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Skype
[2012/12/24 21:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/24 21:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/24 21:09:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/12/24 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\SYSTEMAX Software Development
[2012/12/24 16:40:54 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\WTablet
[2012/12/24 16:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2012/12/24 16:40:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2012/12/24 16:40:48 | 000,069,024 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wachidrouter.sys
[2012/12/24 16:40:48 | 000,011,680 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2012/12/24 16:40:38 | 001,629,056 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2012/12/24 16:40:38 | 001,621,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Touch_Tablet.dll
[2012/12/24 16:40:38 | 001,510,272 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2012/12/24 16:40:38 | 001,506,176 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomMT.dll
[2012/12/24 16:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2012/12/24 16:31:49 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\join.me
[2012/12/24 16:31:27 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Wacom
[2012/12/24 16:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2012/12/24 16:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2012/12/24 16:30:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Adobe
[2012/12/24 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bamboo Dock
[2012/12/24 16:24:49 | 000,013,728 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomrouterfilter.sys
[2012/12/24 15:02:28 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\PaintTool SAI English Pack
[2012/12/24 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\WinRAR
[2012/12/24 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Razer
[2012/12/24 01:56:41 | 000,000,000 | --SD | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mabinogi
[2012/12/24 01:46:42 | 000,000,000 | --SD | C] -- C:\Users\Josh\Documents\Mabinogi
[2012/12/23 22:27:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Tumblr related
[2012/12/23 22:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/12/23 22:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/12/23 22:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2012/12/23 21:27:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\PMB Files
[2012/12/23 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/23 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Google
[2012/12/23 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Apple
[2012/12/23 21:19:25 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Mozilla
[2012/12/23 21:19:25 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Mozilla
[2012/12/23 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Apple Computer
[2012/12/23 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Adobe
[2012/12/23 21:17:19 | 000,000,000 | R--D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/12/23 21:17:19 | 000,000,000 | R--D | C] -- C:\Users\Josh\Searches
[2012/12/23 21:17:19 | 000,000,000 | R--D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/12/23 21:17:19 | 000,000,000 | -H-D | C] -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/12/23 21:17:08 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Identities
[2012/12/23 21:17:06 | 000,000,000 | R--D | C] -- C:\Users\Josh\Contacts
[2012/12/23 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\VirtualStore
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\AppData\Local\Temporary Internet Files
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Templates
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Start Menu
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\SendTo
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Recent
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\PrintHood
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\NetHood
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Documents\My Videos
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Documents\My Pictures
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Documents\My Music
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\My Documents
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Local Settings
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\AppData\Local\History
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Cookies
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\Application Data
[2012/12/23 21:16:58 | 000,000,000 | -HSD | C] -- C:\Users\Josh\AppData\Local\Application Data
[2012/12/23 21:16:57 | 000,000,000 | --SD | C] -- C:\Users\Josh\AppData\Roaming\Microsoft
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Videos
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Saved Games
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Pictures
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Music
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Links
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Favorites
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Downloads
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Documents
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\Desktop
[2012/12/23 21:16:57 | 000,000,000 | R--D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/23 21:16:57 | 000,000,000 | -H-D | C] -- C:\Users\Josh\AppData
[2012/12/23 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2012/12/23 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Microsoft
[2012/12/23 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Media Center Programs
[2012/12/23 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Macromedia
[2012/12/23 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/15 00:11:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2013/01/14 23:57:05 | 000,012,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 23:57:05 | 000,012,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 23:51:55 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Josh\Desktop\JRT.exe
[2013/01/14 23:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/14 23:49:30 | 2408,341,504 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/14 23:45:24 | 000,554,087 | ---- | M] () -- C:\Users\Josh\Desktop\adwcleaner.exe
[2013/01/14 21:22:17 | 005,022,074 | R--- | M] (Swearware) -- C:\Users\Josh\Desktop\ComboFix.exe
[2013/01/14 20:41:54 | 000,141,640 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/14 20:41:53 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/01/13 19:06:36 | 000,014,032 | ---- | M] () -- C:\Users\Josh\Documents\Resume.abw
[2013/01/13 18:48:38 | 000,007,466 | ---- | M] () -- C:\Users\Josh\Documents\Kramer Thank you note.abw
[2013/01/13 18:46:23 | 000,007,501 | ---- | M] () -- C:\Users\Josh\Documents\Haley Paul Thank you note.abw
[2013/01/13 18:46:08 | 000,003,389 | ---- | M] () -- C:\Users\Josh\Documents\Pinkerton Thank you note.abw
[2013/01/13 18:32:13 | 000,006,293 | ---- | M] () -- C:\Users\Josh\Documents\Reflective Journal.abw
[2013/01/13 18:13:56 | 002,818,467 | ---- | M] () -- C:\Users\Josh\Documents\Experience Log.abw
[2013/01/12 11:35:51 | 000,002,201 | ---- | M] () -- C:\Users\Josh\Desktop\Google Chrome.lnk
[2013/01/09 03:44:54 | 000,296,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 03:26:27 | 000,660,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 03:26:27 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/08 21:25:58 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/08 15:47:46 | 000,001,182 | ---- | M] () -- C:\Users\Josh\Desktop\ Mabinogi .lnk
[2013/01/08 14:02:32 | 2708,770,299 | ---- | M] () -- C:\Users\Josh\Desktop\Lilo and Stitch.mkv
[2013/01/06 18:54:32 | 000,516,882 | ---- | M] () -- C:\Users\Josh\Documents\efficiency.png
[2013/01/06 18:48:03 | 000,000,102 | ---- | M] () -- C:\Users\Josh\Desktop\cPix.ini
[2013/01/06 18:36:41 | 000,619,520 | ---- | M] () -- C:\Users\Josh\Desktop\ColorPix.exe
[2013/01/06 18:11:25 | 000,126,040 | ---- | M] () -- C:\Users\Josh\Documents\AAAAA.png
[2013/01/06 10:14:52 | 000,788,944 | ---- | M] () -- C:\Users\Josh\Documents\2356B47B-37DF-4FB3-9244-EA631551AEC6.jpg
[2013/01/05 10:20:55 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Livestream for Producers - Windows.lnk
[2013/01/05 10:10:48 | 240,709,983 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/05 06:58:10 | 000,010,919 | ---- | M] () -- C:\Users\Josh\Documents\fluttershelf.png
[2013/01/05 00:38:32 | 000,001,046 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/03 03:10:59 | 000,032,220 | ---- | M] () -- C:\Users\Josh\Desktop\tumblr_inline_mg0ylxa1Tc1qi3s12.png
[2013/01/02 16:46:25 | 000,060,375 | ---- | M] () -- C:\Users\Josh\Documents\Ponehs.jpg
[2013/01/01 06:14:24 | 000,204,102 | ---- | M] () -- C:\Users\Josh\Documents\BoButt3.jpg
[2013/01/01 05:53:07 | 000,205,585 | ---- | M] () -- C:\Users\Josh\Documents\RealMe.jpg
[2012/12/31 22:12:44 | 000,264,689 | ---- | M] () -- C:\Users\Josh\Documents\Strigi.png
[2012/12/27 00:25:29 | 000,001,925 | ---- | M] () -- C:\Users\Josh\Desktop\Skype.lnk
[2012/12/26 22:07:15 | 000,001,407 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/25 20:37:22 | 001,491,860 | ---- | M] () -- C:\Users\Josh\Documents\C36597DC-9180-49EC-96CE-57D78A05AA11.jpg
[2012/12/25 19:31:39 | 000,449,211 | ---- | M] () -- C:\Users\Josh\RD.png
[2012/12/25 19:30:07 | 000,435,893 | ---- | M] () -- C:\Users\Josh\derpy.png
[2012/12/25 18:53:02 | 000,294,558 | ---- | M] () -- C:\Users\Josh\Documents\bloop.jpg
[2012/12/25 18:44:49 | 000,572,213 | ---- | M] () -- C:\Users\Josh\Documents\2012-12-24_22-25-03_913.jpg
[2012/12/25 18:33:32 | 000,056,236 | ---- | M] () -- C:\Users\Josh\Documents\****.png
[2012/12/25 18:30:17 | 000,403,386 | ---- | M] () -- C:\Users\Josh\Documents\boop.jpg
[2012/12/25 18:16:00 | 000,684,612 | ---- | M] () -- C:\Users\Josh\Documents\2012-12-24_22-25-23_427.jpg
[2012/12/24 16:44:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2012/12/24 16:31:50 | 000,001,055 | ---- | M] () -- C:\Users\Josh\Desktop\join.me.lnk
[2012/12/24 16:27:09 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
[2012/12/24 16:27:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
[2012/12/24 16:27:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/24 16:27:09 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/24 16:27:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 22:09:39 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012/12/23 21:17:00 | 000,000,450 | RHS- | M] () -- C:\Users\Josh\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2013/01/14 23:45:20 | 000,554,087 | ---- | C] () -- C:\Users\Josh\Desktop\adwcleaner.exe
[2013/01/14 20:41:53 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/01/13 19:06:36 | 000,014,032 | ---- | C] () -- C:\Users\Josh\Documents\Resume.abw
[2013/01/13 18:48:38 | 000,007,466 | ---- | C] () -- C:\Users\Josh\Documents\Kramer Thank you note.abw
[2013/01/13 18:46:23 | 000,007,501 | ---- | C] () -- C:\Users\Josh\Documents\Haley Paul Thank you note.abw
[2013/01/13 18:46:08 | 000,003,389 | ---- | C] () -- C:\Users\Josh\Documents\Pinkerton Thank you note.abw
[2013/01/13 18:32:12 | 000,006,293 | ---- | C] () -- C:\Users\Josh\Documents\Reflective Journal.abw
[2013/01/13 18:13:56 | 002,818,467 | ---- | C] () -- C:\Users\Josh\Documents\Experience Log.abw
[2013/01/08 21:25:58 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/08 13:03:51 | 2708,770,299 | ---- | C] () -- C:\Users\Josh\Desktop\Lilo and Stitch.mkv
[2013/01/06 18:53:50 | 000,516,882 | ---- | C] () -- C:\Users\Josh\Documents\efficiency.png
[2013/01/06 18:48:03 | 000,000,102 | ---- | C] () -- C:\Users\Josh\Desktop\cPix.ini
[2013/01/06 18:47:25 | 000,619,520 | ---- | C] () -- C:\Users\Josh\Desktop\ColorPix.exe
[2013/01/06 18:11:22 | 000,126,040 | ---- | C] () -- C:\Users\Josh\Documents\AAAAA.png
[2013/01/06 10:14:12 | 000,788,944 | ---- | C] () -- C:\Users\Josh\Documents\2356B47B-37DF-4FB3-9244-EA631551AEC6.jpg
[2013/01/05 10:20:55 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Livestream for Producers - Windows.lnk
[2013/01/05 06:58:09 | 000,010,919 | ---- | C] () -- C:\Users\Josh\Documents\fluttershelf.png
[2013/01/05 00:38:32 | 000,001,046 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/03 03:10:59 | 000,032,220 | ---- | C] () -- C:\Users\Josh\Desktop\tumblr_inline_mg0ylxa1Tc1qi3s12.png
[2013/01/02 16:46:18 | 000,060,375 | ---- | C] () -- C:\Users\Josh\Documents\Ponehs.jpg
[2013/01/01 06:14:21 | 000,204,102 | ---- | C] () -- C:\Users\Josh\Documents\BoButt3.jpg
[2013/01/01 05:53:05 | 000,205,585 | ---- | C] () -- C:\Users\Josh\Documents\RealMe.jpg
[2012/12/31 22:12:34 | 000,264,689 | ---- | C] () -- C:\Users\Josh\Documents\Strigi.png
[2012/12/27 00:25:29 | 000,001,925 | ---- | C] () -- C:\Users\Josh\Desktop\Skype.lnk
[2012/12/26 22:07:15 | 000,001,407 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/25 20:37:04 | 001,491,860 | ---- | C] () -- C:\Users\Josh\Documents\C36597DC-9180-49EC-96CE-57D78A05AA11.jpg
[2012/12/25 19:27:58 | 000,449,211 | ---- | C] () -- C:\Users\Josh\RD.png
[2012/12/25 19:27:58 | 000,435,893 | ---- | C] () -- C:\Users\Josh\derpy.png
[2012/12/25 18:53:02 | 000,294,558 | ---- | C] () -- C:\Users\Josh\Documents\bloop.jpg
[2012/12/25 18:42:30 | 000,572,213 | ---- | C] () -- C:\Users\Josh\Documents\2012-12-24_22-25-03_913.jpg
[2012/12/25 18:33:32 | 000,056,236 | ---- | C] () -- C:\Users\Josh\Documents\****.png
[2012/12/25 18:30:16 | 000,403,386 | ---- | C] () -- C:\Users\Josh\Documents\boop.jpg
[2012/12/25 18:15:48 | 000,684,612 | ---- | C] () -- C:\Users\Josh\Documents\2012-12-24_22-25-23_427.jpg
[2012/12/24 16:44:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2012/12/24 16:31:51 | 000,001,055 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012/12/24 16:31:50 | 000,001,055 | ---- | C] () -- C:\Users\Josh\Desktop\join.me.lnk
[2012/12/24 02:03:27 | 000,001,182 | ---- | C] () -- C:\Users\Josh\Desktop\ Mabinogi .lnk
[2012/12/23 22:09:39 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2012/12/23 21:22:12 | 000,002,201 | ---- | C] () -- C:\Users\Josh\Desktop\Google Chrome.lnk
[2012/12/23 21:17:20 | 000,001,413 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/23 21:17:00 | 000,000,450 | RHS- | C] () -- C:\Users\Josh\ntuser.pol
[2012/12/23 21:16:58 | 000,000,290 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/23 21:16:57 | 000,000,272 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/04 16:35:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/05/17 05:42:54 | 000,296,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/13 02:34:31 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012/05/13 02:34:30 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012/03/25 17:23:06 | 002,608,640 | ---- | C] () -- C:\Program Files\STEINSGATE.exe
[2012/03/25 17:23:06 | 000,001,989 | ---- | C] () -- C:\Program Files\system.npa
[2012/03/25 17:23:05 | 012,849,854 | ---- | C] () -- C:\Program Files\nss.npa
[2012/03/23 20:11:04 | 000,141,360 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/03/23 20:10:34 | 000,281,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/03/23 20:10:32 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012/03/23 20:10:32 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/10 02:24:20 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/01/10 02:24:19 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/01/08 15:46:20 | 000,109,216 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/01/08 15:46:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/12/07 17:05:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/11/01 17:43:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/01 17:43:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/01 17:43:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/01 17:43:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/01 17:43:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/26 21:51:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/26 21:51:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/06 21:50:01 | 000,010,976 | -HS- | C] () -- C:\ProgramData\57wy72wnxpyt78imn18bgx
[2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/02/11 16:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/29 11:50:39 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\.minecraft
[2012/01/20 02:21:12 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Azureus
[2012/06/22 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\BitTorrent
[2012/03/05 20:59:38 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Blender Foundation
[2012/02/19 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/22 15:25:46 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\DAEMON Tools Lite
[2011/11/14 00:16:43 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\DAZ 3D
[2012/03/24 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Dragona
[2011/11/10 03:17:52 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\FixCleaner
[2011/06/23 00:35:21 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\FrostWire
[2012/04/07 02:40:51 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\inkscape
[2012/05/13 01:32:34 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\KlLauncherST
[2012/01/12 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\LimeWire
[2012/06/30 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\LolClient
[2012/06/11 16:47:14 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\LolClient2
[2012/01/03 03:04:57 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\MediaMonkey
[2010/07/22 16:07:54 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Moonchild Productions
[2011/12/22 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Music Recognition
[2010/08/28 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\MusicNet
[2012/03/25 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Nitroplus
[2012/01/23 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\ooVoo Details
[2012/03/14 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\OpenOffice.org
[2012/03/26 09:29:30 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\SecondLife
[2012/04/06 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\StepMania 5
[2011/11/27 14:50:07 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\SYSTEMAX Software Development
[2012/06/14 16:22:23 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\TuneUpMedia
[2012/01/22 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Unity
[2012/05/16 20:53:32 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\uTorrent
[2012/12/25 15:07:51 | 000,000,000 | ---D | M] -- C:\Users\FAG\AppData\Roaming\Wacom
[2013/01/14 01:08:45 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Auslogics
[2013/01/08 04:23:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent
[2013/01/13 00:08:46 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Lite
[2013/01/14 23:50:40 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Dropbox
[2013/01/13 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\enchant
[2013/01/05 08:42:44 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\fltk.org
[2013/01/05 10:09:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Livestream
[2013/01/14 16:25:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SecondLife
[2012/12/24 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SYSTEMAX Software Development
[2013/01/14 04:23:49 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2012/12/24 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Wacom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B

< End of report >
 
OTL Extras logfile created on: 1/15/2013 12:12:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.34% Memory free
5.98 Gb Paging File | 4.99 Gb Available in Paging File | 83.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 67.79 Gb Free Space | 29.12% Space Free | Partition Type: NTFS

Computer Name: FAG-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4092775245-913444807-781344819-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AE78BB-99B6-4312-8433-05FBDBCD4ED9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BD28237-6318-4BB9-A527-224C69A38ECF}" = lport=37676 | protocol=17 | dir=in | name=oovoo udp port 37676 |
"{0E7A1CA4-E020-4018-8709-7EF5F57A0358}" = lport=56304 | protocol=17 | dir=in | name=pando media booster |
"{11CA85FE-2514-4339-8B85-AC1DAB3637DF}" = lport=56093 | protocol=6 | dir=in | name=pando media booster |
"{1276497E-F6C2-41AF-AD41-FAB7BCCB3B10}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{1613CEB1-7D15-4D8C-86AB-9820F35BE80E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{193F6B80-AB3D-4CC0-BBF1-DACF55BF2342}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C4B08E2-DF41-40EC-AA3F-45346BE46C0A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2134A58B-2803-4940-85C2-9519209C8FE2}" = lport=57283 | protocol=17 | dir=in | name=pando media booster |
"{250E3CC8-0102-45FD-B1C0-2DF4843A29B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B46D692-66AE-48FE-B175-FCF5D5F0350E}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{2BF3A6D4-947C-404B-9954-DAF54AF9FEF3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2CCDECF2-D39E-4B12-BDC2-887A9125BA2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{327A827C-ECEF-4E96-8C50-13C480693CE3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3BAE7546-D484-461F-B755-27B220027064}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3CB6F43D-9A4C-4A93-AA2B-EACFC0875128}" = lport=57283 | protocol=17 | dir=in | name=pando media booster |
"{3E5C9A2C-06BB-4896-B51C-3EEA47D5581B}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{4108D5D8-E2B0-4213-8B68-F2ED56E15637}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A23B6C2-EBC2-4C05-B6F2-8224F580D4A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50BEB7D6-D260-45C5-91FB-46E9C8D1602D}" = lport=57197 | protocol=17 | dir=in | name=pando media booster |
"{50EEA224-F3C1-4862-B325-2100C0B3524C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5CB7C9E8-807B-4871-9CB8-3D409CFF7313}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6762B845-783C-493F-92AE-1E70534C7418}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68D57CC4-6C4D-4CA9-BF64-B9431158AC47}" = lport=56304 | protocol=6 | dir=in | name=pando media booster |
"{68FFFEF5-B5DA-47B9-8D6C-5BF6D5E7542F}" = lport=37677 | protocol=17 | dir=in | name=oovoo udp port 37677 |
"{6ABF09AE-FCD5-4300-93BC-7A5C96BA7E0F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{76CAD73B-A2F2-4872-99C9-0CED8FA82A75}" = lport=137 | protocol=17 | dir=in | app=system |
"{77FC5663-243D-4854-BB61-58CC0277F14E}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{806F6B6F-F6C1-4428-8E58-77BAA432D435}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A9BEDB2-D77D-4E88-9EAB-DA688605A763}" = lport=37676 | protocol=6 | dir=in | name=oovoo tcp port 37676 |
"{8C044EF7-2DD0-4823-8047-5D18A679E1FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{8CE05A35-20FD-4B3D-9054-E60ED7C7ACD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D71F2BF-B355-41B2-85AA-00242BA76FB2}" = rport=445 | protocol=6 | dir=out | app=system |
"{94C94A34-A261-4096-8599-103E086F92BC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{A05CFCB0-B4D8-43A3-9614-A7E85D85F746}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0DECFFC-FAC8-406D-9780-1E6686251F4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4136A2E-E882-4C3F-9407-7AEC184DE14A}" = lport=57283 | protocol=6 | dir=in | name=pando media booster |
"{A4481032-2E8E-43D6-B806-6AAA516D87FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5363026-048D-4BE9-8649-49F12CB28549}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A916A7B7-A99B-449B-B88A-A6DD1585FC35}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3517028-43DB-4528-8454-46434204BD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9C9E5BA-C4AB-48A0-AAC1-0E66159BE62B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BECACF8C-DF80-4C8B-8A36-F42DC9471838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C02F8E14-2C32-4621-ABD1-8AB5B64CFEC2}" = lport=57197 | protocol=6 | dir=in | name=pando media booster |
"{C7719C72-96E0-4204-AA96-554FB8A88094}" = lport=56093 | protocol=6 | dir=in | name=pando media booster |
"{CDD17C94-9115-4A74-B4CC-2DFFE7992DBE}" = lport=57197 | protocol=6 | dir=in | name=pando media booster |
"{D4F0457D-B88C-48EB-AF44-828286F9F6C4}" = lport=56093 | protocol=17 | dir=in | name=pando media booster |
"{D72DB26A-10D5-4132-8883-E9D11B5DF519}" = lport=56093 | protocol=17 | dir=in | name=pando media booster |
"{DD84FE00-6D7C-4395-9F5B-BBD1B6D1B4D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DF1B2F20-2CFA-4C72-BFA4-B7B5AC835758}" = lport=57197 | protocol=17 | dir=in | name=pando media booster |
"{E1E94986-0E87-4A79-91AB-79B9545325A6}" = lport=56304 | protocol=6 | dir=in | name=pando media booster |
"{E3CC634D-A6DF-4C29-AE15-F2BE9D0ACEC4}" = lport=56304 | protocol=17 | dir=in | name=pando media booster |
"{E660BA12-325A-4C8B-8B86-0FB2777F67D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE02DB1B-7063-49A7-B65F-33AFD9CDCC88}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0E09BF0-B3BF-4014-BBF1-7A23CDBFAC18}" = lport=57283 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061F8FBA-23E4-4DF1-93D1-00976E5C2826}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A59EF91-91F1-47A5-BD50-83DADF89A982}" = protocol=6 | dir=out | app=system |
"{0C668729-F3B1-4374-BDEC-6DA79F51975B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{10877751-6557-4E8A-9F98-35877C71FE3F}" = protocol=17 | dir=in | app=c:\program files\ogplanet\uslauncher\ogplauncher.exe |
"{11339876-B8B2-42B8-B66A-6B1B7BB8DE8A}" = protocol=17 | dir=in | app=c:\users\josh\appdata\roaming\dropbox\bin\dropbox.exe |
"{12A56D72-ABCF-461F-B75D-7F687FE1DF51}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{15FFE8E3-2ADF-4250-BC51-37AD349868AF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{189FB357-B7DF-4AC8-9ED1-668A0283FB8D}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{1ABC723E-DD3D-4A6F-8C15-28B03F46FD0E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragonnest\dnlauncher.exe |
"{2051DF86-ABED-4BD5-9C8B-671E69186DC8}" = protocol=6 | dir=in | app=c:\users\josh\appdata\roaming\dropbox\bin\dropbox.exe |
"{20924B9C-CA54-4C10-A45F-5092FE4069D4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26A62955-F53B-44B8-9AE6-236E4BB89D07}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29BD0B15-766C-4882-AF4F-3ED36ADB3EDB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{330DBAB6-583D-4FD8-868C-EA890D127941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35E7439E-E0C3-4D33-8D5E-F9DC12CD8A23}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3BA91773-410E-40B9-9622-0AEF5E7A5B06}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{44945565-E8A0-4A9B-9B1D-A653A09069EB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44F61162-9607-40A2-BF74-C28860461CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46A77B16-A360-4C1C-A9CA-05DFB216B33D}" = protocol=6 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{4FE726AF-4553-49EA-9D2D-43D2A235A48E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{5247F7DE-ADE8-4711-BB79-CFA9675D951A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragonnest\dnlauncher.exe |
"{5B07F7A1-B6E9-4DC1-9984-FC0CF4E2A9CA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{648BECF4-E9CF-4EA7-B107-10E4E3713EE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6521444C-767E-471E-B602-E2C42A1A7FE9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{67C9BA86-6169-4FB2-B018-D0E0DE822DD2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6A4FFAF4-9626-4C87-87DB-FA208B217A35}" = protocol=6 | dir=in | app=c:\program files\ogplanet\uslauncher\ogplauncher.exe |
"{6B1A08DD-DF6C-460F-8406-61A6E6269F98}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6D21F7A6-362D-4CEB-82AA-8088BF892A58}" = dir=in | app=c:\users\fag\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{7FA14FB7-FCB5-4AE6-BD42-DDA90B7BEEA7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8362CC2C-3A37-4877-A4D3-21E74DB6B491}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragonnest\dragonnest.exe |
"{8416B730-78CD-428E-A104-3917FC16EEDF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{85278ADB-C427-47C0-B9B1-A286C86025CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maplestory\nxsteam.exe |
"{87C2E0A0-CF07-4AD7-9CC7-BD75BC96C4A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8EE86398-7E41-48F0-A334-2CBDE2FBF3D2}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8F856845-5549-415C-BDFF-E4722E02E299}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8FA75443-BE97-4374-A824-EB848826DCC7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9054292F-C6D0-4801-967D-6464B794D206}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{94BF7CED-AF68-47EC-87A3-C27D6E0A2597}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97898D14-C1EC-43A2-AB4B-E240A4B2EBD3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9C6F9A85-CD54-41D6-BFFF-38C358706EC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0F656C6-83AF-4F16-9C72-8FBED65DB5AB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A1CB26AB-F41C-43BB-A62C-4EC3A2CF451A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3D629C4-D158-43CE-A505-244BC4A0423D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A40C4373-16F6-41FE-9963-9AFB4D44EFE0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragonnest\dragonnest.exe |
"{A42D0648-5AEC-4139-AED7-6B8AC861FD24}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A6F5ECA0-4F63-4137-8CF5-2D26E470A263}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8E16409-2A94-490B-9236-FF0519E6CD27}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{AAC9E8B0-B921-4B74-BBC9-BADC9545DDDC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AB167DD1-7AB1-419B-A742-E8AC594BE496}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B5572256-DF6D-4F2E-8F8D-81F15D604D31}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B6932EF6-03A7-42F1-9371-E946B35405A2}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B8DBBE32-E844-4931-A204-729C940C7225}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC0790D3-7C7D-40E9-A158-D0A7F8B49345}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BD6DA84A-47AC-4D73-9BA6-D130CFABFB68}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BF9CA4A9-A944-4640-8C7E-483E22006693}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BFD9D85C-9F04-4490-8B93-6F210E0BA828}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2E8E336-D3D3-4AE8-AD4F-E05416D130C6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maplestory\nxsteam.exe |
"{C56F26D8-0254-4D69-BE94-7B681AFFDAD9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C75339A6-7453-4D2A-8159-4ADC7768DFC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA263440-C1A2-46EB-B569-204A9C42C672}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5839977-836B-4B86-A3D9-40C41256B6B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D60BF467-06ED-4DED-9BFC-EB9C6B7011CB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D97330B4-7A69-4204-A37D-7F0F85BF2F8E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{DB9B34C3-D95C-4E91-B5B9-0E9EA124F71A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EDFA15B9-23E9-461C-A0D9-179F3C5F2A03}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0850A4E-8EA0-45B5-9399-A9F9EA4A86AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2D04DB5-54A1-4E1D-BDAE-54C35E54F7A8}" = protocol=17 | dir=in | app=c:\sg interactive\grand chase\main.exe |
"{F31BC637-CB75-4D14-8550-190DB7604642}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8393B72-8995-46D5-90CE-09CD5139F365}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2ACD2E39-697E-4BE1-9380-91D4517BC553}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{C7B6FBC7-99AB-49E9-AA42-B25A3D296629}C:\program files\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"TCP Query User{F6EFF6EC-5A90-4647-B7E5-557F44A0AA9B}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{63C0F012-A69A-45D1-87AF-0D8C8A1F1DD3}C:\program files\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files\valve\portal 2\portal2.exe |
"UDP Query User{9BF8C06D-731B-4206-8396-953A3168D34F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{F96BCB1A-015C-4B3C-802C-9D8C5EB71A4F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14FE48DA-E172-4CC5-B397-92ECA4B0E088}" = STOnline
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F6D3F2C-3DBA-4D20-96D6-D5676F7DB642}" = Dark Eternal- Dissolution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
"{B1F27F3D-4C72-4AC8-96CB-694B2942AA1D}" = Livestream for Producers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1" = Elsword version 1.17
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF222EB6-6FE1-486E-A9E8-93B5D5D72A8C}_is1" = Grand Chase version 092412
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Bamboo Dock" = Bamboo Dock
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Derpys Lamp_is1" = Derpys Lamp
"DivX Setup" = DivX Setup
"DS4 Default Content 4.0.0.14" = DS4 Default Content
"ESET Online Scanner" = ESET Online Scanner v3
"File Shredder_is1" = File Shredder 2.0
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"Pen Tablet Driver" = Bamboo
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"RumbleFighter" = Rumble Fighter
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Steam App 11610" = Dragon Nest
"Steam App 216150" = MapleStory
"Steam App 36630" = Rusty Hearts
"StepMania 5" = StepMania v5.0 alpha 1a (remove only)
"Trickster Online" = Trickster
"TuneUpMedia" = TuneUp Companion 2.2.7
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"Voobly_is1" = Voobly Game Data
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WIDI Recognition System Pro 3.3" = WIDI Recognition System Pro 3.3 (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4092775245-913444807-781344819-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/07/06 21:50:01 | 000,010,976 | -HS- | C] () -- C:\ProgramData\57wy72wnxpyt78imn18bgx
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Done. ESET came up with no log.

All processes killed
========== OTL ==========
Service XDva401 stopped successfully!
Service XDva401 deleted successfully!
File C:\Windows\system32\XDva401.sys not found.
Service XDva393 stopped successfully!
Service XDva393 deleted successfully!
File C:\Windows\system32\XDva393.sys not found.
Service XDva392 stopped successfully!
Service XDva392 deleted successfully!
File C:\Windows\system32\XDva392.sys not found.
Service XDva391 stopped successfully!
Service XDva391 deleted successfully!
File C:\Windows\system32\XDva391.sys not found.
Service XDva375 stopped successfully!
Service XDva375 deleted successfully!
File C:\Windows\system32\XDva375.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\57wy72wnxpyt78imn18bgx moved successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:553CA6CA deleted successfully.
ADS C:\ProgramData\Temp:F63A059B deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->Java cache emptied: 45464966 bytes
->FireFox cache emptied: 64738227 bytes
->Google Chrome cache emptied: 355221751 bytes
->Flash cache emptied: 3174344 bytes

User: Josh
->Temp folder emptied: 971560 bytes
->Temporary Internet Files folder emptied: 4751055 bytes
->FireFox cache emptied: 9071950 bytes
->Google Chrome cache emptied: 366501381 bytes
->Flash cache emptied: 1026 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1262659154 bytes

Total Files Cleaned = 2,015.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: FAG
->Java cache emptied: 0 bytes

User: Josh

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: FAG
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152013_003712

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
_____________________________________
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
TuneUp Companion 2.2.7
CCleaner
Auslogics Registry Cleaner
Java(TM) 6 Update 29
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player11.5.502.135
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
_______________________________________________
Farbar Service Scanner Version: 05-01-2013
Ran by Josh (administrator) on 15-01-2013 at 00:47:16
Running from "C:\Users\Josh\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-16 17:00] - [2012-10-03 11:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
 
Uninstall Auslogics Registry Cleaner.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=========================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
All done! So far I have no crashes, the computer seems to be running smoothly.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh
->Temp folder emptied: 50957 bytes
->Temporary Internet Files folder emptied: 36812 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 198274679 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: FAG
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: FAG
->Java cache emptied: 0 bytes

User: Josh

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01152013_153434

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back