Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - darko2021

Pages: [1] 2

Tech Clinic / Please help! Malware

« on: June 08, 2013, 08:36:45 PM »

Much better does it look like everything is ok now?

Tech Clinic / Please help! Malware

« on: June 08, 2013, 02:07:38 PM »

Here are the security results

Results of screen317\'s Security Check version 0.99.64

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````[/u]

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2011

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````[/u]

Out of date HijackThis installed!

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

HijackThis 2.0.2

TuneUp Utilities

TuneUp Utilities Language Pack (en-US)

CCleaner (remove only)

Java(TM) 6 Update 20

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.1.102.64 Flash Player out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox (3.5.9) Firefox out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````[/u]

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

`````````````````System Health check`````````````````[/u]

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````[/u]

Tech Clinic / Please help! Malware

« on: June 08, 2013, 02:02:24 PM »

OTL logfile created on: 6/8/2013 2:54:38 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\jon\\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.15% Memory free

9.75 Gb Paging File | 8.68 Gb Available in Paging File | 89.02% Paging File free

Paging file location(s): d:\\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 116.44 Gb Total Space | 20.04 Gb Free Space | 17.21% Space Free | Partition Type: NTFS

Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS

Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

Computer Name: DARKO | User Name: jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\\Program Files\\Google\\Update\\1.3.21.145\\GoogleCrashHandler.exe

PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgtray.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe

PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgnsx.exe

PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgrsx.exe

PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgchsvx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgcsrvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe

PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\\Program Files\\Nero\\Update\\NASvc.exe

PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe

PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\ASUS CopyProtect\\ASPG.exe

PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\SmartLogon\\sensorsrv.exe

PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\\Program Files\\P4G\\BatteryLife.exe

PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\\Program Files\\asus\\Splendid\\ACMON.exe

PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe

PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\\Windows\\System32\\agrsmsvc.exe

PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\\Windows\\RtHDVCpl.exe

PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\\Program Files\\ATK Hotkey\\HControl.exe

PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\WDC.exe

PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\ATKOSD.exe

PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTranAgt.exe

PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe

PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe

PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\KBFiltr.exe

PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe

PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe

PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\\Program Files\\Wireless Console 2\\wcourier.exe

PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\asghost.exe

PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\\Windows\\System32\\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\3da65115bf9debbf564861f6b123a2e4\\System.Configuration.ni.dll

MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\44fb632fb043f5b251d29b0ea750d4f4\\System.Windows.Forms.ni.dll

MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Web\\421cb77e6a4c21f94e3c5ddf766de23b\\System.Web.ni.dll

MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Accessibility\\9b2eef59d0cfc5aff182d0951de5f040\\Accessibility.ni.dll

MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Runtime.Remo#\\b5df40c22ab563a816103629e2ca99d4\\System.Runtime.Remoting.ni.dll

MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\b757806657fa5db2b1ed1a89b026b463\\System.Xml.ni.dll

MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\78157a494dc9a7e52be8840decfcd9cc\\System.Drawing.ni.dll

MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\cc149d08e75f8c53cd28ac926b38c370\\System.ni.dll

MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\2227d1559f87943255069398608d5c56\\mscorlib.ni.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\\Program Files\\DepositFiles\\DF Manager\\dfexex.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\\Windows\\System32\\atitmmxx.dll

MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTran.dll

========== Services (SafeList) ==========

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe -- (avgwd)

SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Steam\\SteamService.exe -- (Steam Client Service)

SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\\Program Files\\Nero\\Update\\NASvc.exe -- (NAUpdate)

SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Windows\\System32\\uxtuneup.dll -- (UxTuneUp)

SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\Windows\\System32\\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe -- (spmgr)

SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Program Files\\PeerGuardian2\\pgfilter.sys -- (pgfilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\NSNDIS5.SYS -- (NSNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (atjsgy5n)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\drivers\\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgldx86.sys -- (Avgldx86)

DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BTHPRINT.SYS -- (BTHprint)

DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\sptd.sys -- (sptd)

DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\atksgt.sys -- (atksgt)

DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\lirsgt.sys -- (lirsgt)

DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\\Program Files\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl.sys -- (eeCtrl)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\kbfiltr.sys -- (kbfiltr)

DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\lullaby.sys -- (lullaby)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\wdcsam.sys -- (WDC_SAM)

DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\Rtlh86.sys -- (RTL8169)

DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)

DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimmptsk.sys -- (rimmptsk)

DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etFilter.sys -- (FiltUSBET)

DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etScan.sys -- (ScanUSBET)

DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\itecir.sys -- (itecir)

DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etDevice.sys -- (DCamUSBET)

DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\ghaio.sys -- (ghaio)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\ATKGFNEX\\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atswpdrv.sys -- (ATSWPDRV)

DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\smserial.sys -- (smserial)

DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\\Windows\\System32\\speedfan.sys -- (speedfan)

DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS -- (SBKUPNT)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com\'>http://www.asus.com

IE - HKLM\\..\\SearchScopes,DefaultScope =

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com\'>http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://www.google.com/ie\'>http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.google.com/ie\'>http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.com\'>http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Restore = http://www.asus.com\'>http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://www.google.com/ie\'>http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com/ie\'>http://www.google.com/ie

IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\\..\\SearchScopes,DefaultScope =

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: \"URL\" = http://www.bing.com/search?q=\'>http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF

IE - HKCU\\..\\SearchScopes\\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: \"URL\" = http://search.yahoo.com/search?p=\'>http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: \"\"

FF - prefs.js..browser.startup.homepage: \"http://google.com\'>http://google.com\"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12

FF - prefs.js..keyword.URL: \"http://www.bing.com/search?pc=Z001&form=ZGAADF&q=\'>http://www.bing.com/search?pc=Z001&form=ZGAADF&q=\"

FF - user.js - File not found

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=: File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@fileplanet.com/fpdlm: C:\\Program Files\\Download Manager\\npfpdlm.dll (IGN Entertainment)

FF - HKLM\\Software\\MozillaPlugins\\@Google.com/GoogleEarthPlugin: C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/Photosynth,version=2.0: C:\\Program Files\\Photosynth\\npPhotosynthMozilla.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@pack.google.com/Google Updater;version=14: C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@facebook.com/FBPlugin,version=1.0.3: C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll ( )

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\\Program Files\\AVG\\AVG10\\Firefox\\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\\Program Files\\AVG\\AVG10\\Firefox4\\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/06/08 07:53:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions\\[email protected]

[2013/06/08 08:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions

[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\\USERS\\JON\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\HJ43TFIY.DEFAULT\\EXTENSIONS\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files\\mozilla firefox\\plugins\\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/\'>http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPAskSBr.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\\Program Files\\Download Manager\\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll

CHR - Extension: BIODIGITAL HUMAN = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\agoenciogemlojlhccbcpcfflicgnaak\\0.9.5_0\\

CHR - Extension: Angry Birds = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aknpkdffaafgjchaibgeefbgmgeghloj\\1.5.0.7_0\\

CHR - Extension: Plants vs Zombies = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmcegpfdgcoclcdfkjahiimlikdpnina\\1.0.5_0\\

CHR - Extension: Google Play Books = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmimngoggfoobjdlefbcabngfnmieonb\\1.1.8_0\\

O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.2.4204.1700\\swg.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\\..\\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\\Run: [] File not found

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe ()

O4 - HKLM..\\Run: [ATKOSD2] C:\\Program Files\\ATKOSD2\\ATKOSD2.exe ()

O4 - HKLM..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CognizanceTS] C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\\Run: [HControlUser] C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe ()

O4 - HKLM..\\Run: [RtHDVCpl] C:\\Windows\\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [StartCCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\\Run: [ApplePhotoStreams] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\\Run: [MobileDocuments] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab\'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab\'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab\'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 192.168.1.1

O18 - Protocol\\Handler\\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG10\\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\\Windows\\System32\\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\explore\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\open\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = \"I:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = F:\\FarCryAutoCD.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe /sync /restart)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 08:01:21 | 000,000,000 | ---D | C] -- C:\\Windows\\ERUNT

[2013/06/08 08:00:53 | 000,000,000 | ---D | C] -- C:\\JRT

[2013/06/08 07:50:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\\Users\\jon\\Desktop\\JRT.exe

[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\url.dll

[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\cdd.dll

[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.sys

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/08 14:53:56 | 000,890,839 | ---- | M] () -- C:\\Users\\jon\\Desktop\\SecurityCheck.exe

[2013/06/08 14:52:06 | 000,646,060 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2013/06/08 14:52:06 | 000,121,158 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 14:47:12 | 000,000,876 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineCore.job

[2013/06/08 14:46:27 | 000,045,056 | ---- | M] () -- C:\\Windows\\System32\\acovcnt.exe

[2013/06/08 14:46:24 | 000,000,308 | ---- | M] () -- C:\\Windows\\tasks\\GlaryInitialize.job

[2013/06/08 14:45:22 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2013/06/08 09:28:31 | 000,002,140 | ---- | M] () -- C:\\Windows\\bthservsdp.dat

[2013/06/08 09:15:00 | 000,000,900 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job

[2013/06/08 09:01:17 | 000,000,880 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineUA.job

[2013/06/08 07:50:53 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\\Users\\jon\\Desktop\\JRT.exe

[2013/06/08 07:49:52 | 122,496,639 | ---- | M] () -- C:\\Windows\\System32\\drivers\\AVG\\incavi.avm

[2013/06/08 07:49:18 | 000,640,135 | ---- | M] () -- C:\\Users\\jon\\Desktop\\AdwCleaner.exe

[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job

[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\\Windows\\tasks\\Google Software Updater.job

[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\\Windows\\wininit.ini

[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/08 14:53:49 | 000,890,839 | ---- | C] () -- C:\\Users\\jon\\Desktop\\SecurityCheck.exe

[2013/06/08 07:49:09 | 000,640,135 | ---- | C] () -- C:\\Users\\jon\\Desktop\\AdwCleaner.exe

[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\\Windows\\GPlrLanc.dat

[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\\Windows\\System32\\systeminfo3.dll

[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\ezpinst.exe

[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\\Windows\\System32\\BootMan.exe

[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\\Windows\\System32\\setupempdrv03.exe

[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\\Windows\\System32\\EuEpmGdi.dll

[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\\Windows\\System32\\epmntdrv.sys

[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\\Windows\\System32\\EuGdiDrv.sys

[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS

[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\\Windows\\System32\\DEVLOAD.EXE

[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\\Windows\\SWISV3.INI

[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\\Windows\\SKNIFE.INI

[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\\Windows\\SKLANG.INI

[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\\ProgramData\\Microsoft.SqlServer.Compact.351.32.bc

[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\default.pls

[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\\Users\\jon\\.rnd

[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PnkBstrK.sys

[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\UserTile.png

[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JPR.{PB

[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JCM.{PB

[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\inst.exe

[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.cat

[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.inf

[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\\Program Files\\Common Files\\CPInstallAction.dll

[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\\Program Files\\Common Files\\banner.jpg

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\\ProgramData\\TEMP:430C6D84

@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2

< End of report >

Tech Clinic / Please help! Malware

« on: June 08, 2013, 07:15:51 AM »

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 07:53:28

# Updated 06/06/2013 by Xplode

# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# User : jon - DARKO

# Boot Mode : Normal

# Running from : C:\\Users\\jon\\Desktop\\AdwCleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\\Program Files\\Mozilla Firefox\\.autoreg

File Deleted : C:\\Program Files\\Mozilla Firefox\\plugins\\NPAskSBr.dll

File Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\searchplugins\\daemon-search.xml

File Deleted : C:\\Windows\\system32\\conduitEngine.tmp

File Deleted : C:\\Windows\\Uninstall.exe

Folder Deleted : C:\\Program Files\\Coupon Companion Plugin

Folder Deleted : C:\\Program Files\\Search Toolbar

Folder Deleted : C:\\ProgramData\\InstallMate

Folder Deleted : C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\TheBflix

Folder Deleted : C:\\ProgramData\\Premium

Folder Deleted : C:\\ProgramData\\Trymedia

Folder Deleted : C:\\Users\\jon\\AppData\\Local\\Coupon Companion Plugin

Folder Deleted : C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Deleted : C:\\Users\\jon\\AppData\\Local\\Temp\\BabylonToolbar

Folder Deleted : C:\\Users\\jon\\AppData\\LocalLow\\AskSBar

Folder Deleted : C:\\Users\\jon\\AppData\\LocalLow\\Conduit

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\Conduit

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\ConduitCommon

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\ConduitEngine

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\CT2786678

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Deleted : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

***** [Registry] *****

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Crossrider

Key Deleted : HKCU\\Software\\InstalledBrowserExtensions

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}

Key Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\App Management\\ARPCache\\{37476589-E48E-439E-A706-56189E2ED4C4}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\App Management\\ARPCache\\AskSBar Uninstall

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\App Management\\ARPCache\\conduitEngine

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\App Management\\ARPCache\\Wajam

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\\Software\\Softonic

Key Deleted : HKCU\\Software\\YahooPartnerToolbar

Key Deleted : HKCU\\Software\\Zugo

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\escortApp.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\escortEng.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\escorTlbr.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\secman.DLL

Key Deleted : HKLM\\SOFTWARE\\Classes\\b

Key Deleted : HKLM\\SOFTWARE\\Classes\\bhoclass.bho.bhoclass.bho

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Conduit.Engine

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0021804.BHO

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0021804.BHO.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0021804.Sandbox

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0021804.Sandbox.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Prod.cap

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT2786678

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\\Software\\Conduit

Key Deleted : HKLM\\Software\\DeviceVM

Key Deleted : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{21111111-1111-1111-1111-110211181104}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{11111111-1111-1111-1111-110211181104}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\063A857434EDED11A893800002C0A966

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]

Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\\\ Mozilla Firefox v3.5.9 (en-US)

File : C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\prefs.js

C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\user.js ... Deleted !

Deleted : user_pref(\"CT2786678..clientLogIsEnabled\", false);

Deleted : user_pref(\"CT2786678.AppTrackingLastCheckTime\", \"Sat Dec 01 2012 18:55:37 GMT-0500 (Eastern Standard[...]

Deleted : user_pref(\"CT2786678.BrowserCompStateIsOpen_129575151151403741\", true);

Deleted : user_pref(\"CT2786678.BrowserCompStateIsOpen_129579220236217502\", true);

Deleted : user_pref(\"CT2786678.CTID\", \"CT2786678\");

Deleted : user_pref(\"CT2786678.CurrentServerDate\", \"23-5-2013\");

Deleted : user_pref(\"CT2786678.DialogsAlignMode\", \"LTR\");

Deleted : user_pref(\"CT2786678.DialogsGetterLastCheckTime\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern Daylig[...]

Deleted : user_pref(\"CT2786678.DownloadReferralCookieData\", \"\");

Deleted : user_pref(\"CT2786678.EMailNotifierPollDate\", \"Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref(\"CT2786678.FeedLastCount5690698542593514850\", 413);

Deleted : user_pref(\"CT2786678.FeedPollDate2429156812186649977\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813040823546\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813130095866\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813224203613\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813230837251\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813454291735\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813729834876\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156813860870021\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156814264681793\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156814863075366\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedPollDate2429156815257761081\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.FeedTTL2429156813040823546\", 15);

Deleted : user_pref(\"CT2786678.FeedTTL2429156813130095866\", 10);

Deleted : user_pref(\"CT2786678.FeedTTL2429156813454291735\", 5);

Deleted : user_pref(\"CT2786678.FeedTTL2429156813729834876\", 5);

Deleted : user_pref(\"CT2786678.FeedTTL2429156814264681793\", 5);

Deleted : user_pref(\"CT2786678.FirstServerDate\", \"12-8-2011\");

Deleted : user_pref(\"CT2786678.FirstTime\", true);

Deleted : user_pref(\"CT2786678.FirstTimeFF3\", true);

Deleted : user_pref(\"CT2786678.FixPageNotFoundErrors\", false);

Deleted : user_pref(\"CT2786678.GroupingServerCheckInterval\", 1440);

Deleted : user_pref(\"CT2786678.HasUserGlobalKeys\", true);

Deleted : user_pref(\"CT2786678.HomePageProtectorEnabled\", false);

Deleted : user_pref(\"CT2786678.Initialize\", true);

Deleted : user_pref(\"CT2786678.InitializeCommonPrefs\", true);

Deleted : user_pref(\"CT2786678.InstallationAndCookieDataSentCount\", 3);

Deleted : user_pref(\"CT2786678.InstallationType\", \"UnknownIntegration\");

Deleted : user_pref(\"CT2786678.InstalledDate\", \"Fri Aug 12 2011 14:15:58 GMT-0400 (Eastern Daylight Time)\");

Deleted : user_pref(\"CT2786678.IsAlertDBUpdated\", true);

Deleted : user_pref(\"CT2786678.IsGrouping\", false);

Deleted : user_pref(\"CT2786678.IsInitSetupIni\", true);

Deleted : user_pref(\"CT2786678.IsMulticommunity\", false);

Deleted : user_pref(\"CT2786678.IsOpenThankYouPage\", true);

Deleted : user_pref(\"CT2786678.IsOpenUninstallPage\", false);

Deleted : user_pref(\"CT2786678.LanguagePackLastCheckTime\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern Dayligh[...]

Deleted : user_pref(\"CT2786678.LanguagePackReloadIntervalMM\", 1440);

Deleted : user_pref(\"CT2786678.LastLogin_3.5.0.12\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref(\"CT2786678.LatestVersion\", \"3.18.0.7\");

Deleted : user_pref(\"CT2786678.Locale\", \"en\");

Deleted : user_pref(\"CT2786678.MCDetectTooltipHeight\", \"83\");

Deleted : user_pref(\"CT2786678.MCDetectTooltipShow\", false);

Deleted : user_pref(\"CT2786678.MCDetectTooltipWidth\", \"295\");

Deleted : user_pref(\"CT2786678.MyStuffEnabledAtInstallation\", true);

Deleted : user_pref(\"CT2786678.OriginalFirstVersion\", \"3.5.0.12\");

Deleted : user_pref(\"CT2786678.SearchEngineBeforeUnload\", \"Bing\");

Deleted : user_pref(\"CT2786678.SearchFromAddressBarIsInit\", true);

Deleted : user_pref(\"CT2786678.SearchInNewTabEnabled\", true);

Deleted : user_pref(\"CT2786678.SearchInNewTabIntervalMM\", 1440);

Deleted : user_pref(\"CT2786678.SearchInNewTabLastCheckTime\", \"Thu May 23 2013 14:11:20 GMT-0400 (Eastern Dayli[...]

Deleted : user_pref(\"CT2786678.SearchProtectorEnabled\", false);

Deleted : user_pref(\"CT2786678.SearchProtectorToolbarDisabled\", false);

Deleted : user_pref(\"CT2786678.ServiceMapLastCheckTime\", \"Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight [...]

Deleted : user_pref(\"CT2786678.SettingsLastCheckTime\", \"Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref(\"CT2786678.SettingsLastUpdate\", \"1369296774\");

Deleted : user_pref(\"CT2786678.ThirdPartyComponentsInterval\", 504);

Deleted : user_pref(\"CT2786678.ThirdPartyComponentsLastCheck\", \"Thu May 23 2013 14:11:19 GMT-0400 (Eastern Day[...]

Deleted : user_pref(\"CT2786678.ThirdPartyComponentsLastUpdate\", \"1331805997\");

Deleted : user_pref(\"CT2786678.ToolbarShrinkedFromSetup\", false);

Deleted : user_pref(\"CT2786678.TrustedApiDomains\", \"conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref(\"CT2786678.UserID\", \"UN33213532962182557\");

Deleted : user_pref(\"CT2786678.ValidationData_Toolbar\", 0);

Deleted : user_pref(\"CT2786678.WeatherNetwork\", \"\");

Deleted : user_pref(\"CT2786678.WeatherPollDate\", \"Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Time)\");

Deleted : user_pref(\"CT2786678.WeatherUnit\", \"C\");

Deleted : user_pref(\"CT2786678.alertChannelId\", \"1178763\");

Deleted : user_pref(\"CT2786678.approveUntrustedApps\", false);

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e+x305\", \"247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e,x305\", \"247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e-x305\", \"247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e.:2z527\", \"247E707571777278333228702A7B797B7B7E30273224262[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e.x305\", \"247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e/x305\", \"247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e06cg5el8:\", \"6E6D6E716D6E7272746F\");

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e06cg5el;8i:k\", \"247E2D2F226A74737477737478787A75242F4B4947[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e0x305\", \"247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e1x305\", \"247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e2x305\", \"247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e3x305\", \"247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e4x305\", \"247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e5x305\", \"247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e6x305\", \"247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e7x305\", \"247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e8x305\", \"247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e9x305\", \"247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e:x305\", \"247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e;x305\", \"247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e<x305\", \"247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e=x305\", \"247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e>x305\", \"247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e?x305\", \"247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e@x305\", \"247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7eax305\", \"247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ebe3g=;d9n9=d\", \"372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ebx305\", \"247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ecx305\", \"247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7edx305\", \"247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7etx305\", \"247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b-0?3g>d\", \"3C3D6C6F404374457A45487276204C7D784D25222322502A26[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b-0?3g@6:5;\", \"\");

Deleted : user_pref(\"CT2786678.backendstorage./9b-3=3eccja=f>\", \"247E333D2C452F4135276F292A212C393D44307832332[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm\", \"6A696B7273747576\");

Deleted : user_pref(\"CT2786678.backendstorage./9b3=>@44i48?\", \"372C2D32697576334236334148477B213F3E484F4E4D464[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b5ba==9cjag\", \"6F3B716F6B7141457A70767948494C494E4A504D50\");

Deleted : user_pref(\"CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p\", \"6E6D6E716D6E72747173737175\");

Deleted : user_pref(\"CT2786678.backendstorage./9b9643g3/9e\", \"6A\");

Deleted : user_pref(\"CT2786678.backendstorage./9b<:222h64<\", \"393F352F3E\");

Deleted : user_pref(\"CT2786678.backendstorage./9b=+03eh8h8j?:\", \"4443\");

Deleted : user_pref(\"CT2786678.backendstorage./9b?+e2a52d8\", \"372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b?b0d:8aj62<h\", \"6D\");

Deleted : user_pref(\"CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?\", \"6E6B\");

Deleted : user_pref(\"CT2786678.backendstorage.cbcountry_001\", \"5553\");

Deleted : user_pref(\"CT2786678.backendstorage.cbfirsttime\", \"547565204D617220313320323031322031343A32373A34352[...]

Deleted : user_pref(\"CT2786678.backendstorage.scriptsource\", \"687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history\", \"687474703A2F2F746462616E6B2E636F6D2F6578632F68746[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history0001\", \"68747470733A2F2F7777772E676F6F676C652E636F6D3[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history_time\", \"31333133313733303230363331\");

Deleted : user_pref(\"CT2786678.components.1000034\", false);

Deleted : user_pref(\"CT2786678.components.1000234\", false);

Deleted : user_pref(\"CT2786678.components.129295698017012804\", false);

Deleted : user_pref(\"CT2786678.generalConfigFromLogin\", \"{\\\"ApiMaxAlerts\\\":\\\"12\\\",\\\"SocialDomains\\\":\\\"social.c[...]

Deleted : user_pref(\"CT2786678.globalFirstTimeInfoLastCheckTime\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern [...]

Deleted : user_pref(\"CT2786678.homepageProtectorEnableByLogin\", true);

Deleted : user_pref(\"CT2786678.initDone\", true);

Deleted : user_pref(\"CT2786678.isAppTrackingManagerOn\", false);

Deleted : user_pref(\"CT2786678.myStuffEnabled\", true);

Deleted : user_pref(\"CT2786678.myStuffPublihserMinWidth\", 400);

Deleted : user_pref(\"CT2786678.myStuffServiceIntervalMM\", 1440);

Deleted : user_pref(\"CT2786678.oldAppsList\", \"129295695672325902,129295695672325903,111,1000234,12978945045459[...]

Deleted : user_pref(\"CT2786678.searchProtectorDialogDelayInSec\", 10);

Deleted : user_pref(\"CT2786678.searchProtectorEnableByLogin\", true);

Deleted : user_pref(\"CT2786678.testingCtid\", \"\");

Deleted : user_pref(\"CT2786678.toolbarAppMetaDataLastCheckTime\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.toolbarContextMenuLastCheckTime\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.usagesFlag\", 2);

Deleted : user_pref(\"CommunityToolbar.EngineOwner\", \"ConduitEngine\");

Deleted : user_pref(\"CommunityToolbar.EngineOwnerGuid\", \"[email protected]\");

Deleted : user_pref(\"CommunityToolbar.EngineOwnerToolbarId\", \"conduitengine\");

Deleted : user_pref(\"CommunityToolbar.IsEngineShown\", true);

Deleted : user_pref(\"CommunityToolbar.IsMyStuffImportedToEngine\", true);

Deleted : user_pref(\"CommunityToolbar.LatestToolbarVersionInstalled\", \"3.5.0.12\");

Deleted : user_pref(\"CommunityToolbar.OriginalEngineOwner\", \"ConduitEngine\");

Deleted : user_pref(\"CommunityToolbar.OriginalEngineOwnerGuid\", \"[email protected]\");

Deleted : user_pref(\"CommunityToolbar.OriginalEngineOwnerToolbarId\", \"conduitengine\");

Deleted : user_pref(\"CommunityToolbar.ToolbarsList\", \"ConduitEngine,CT2786678\");

Deleted : user_pref(\"CommunityToolbar.ToolbarsList2\", \"ConduitEngine,CT2786678\");

Deleted : user_pref(\"CommunityToolbar.ToolbarsList4\", \"CT2786678\");

Deleted : user_pref(\"CommunityToolbar.alert.alertDialogsGetterLastCheckTime\", \"Fri Aug 12 2011 14:15:58 GMT-04[...]

Deleted : user_pref(\"CommunityToolbar.alert.alertInfoInterval\", 1440);

Deleted : user_pref(\"CommunityToolbar.alert.alertInfoLastCheckTime\", \"Tue Mar 13 2012 14:27:47 GMT-0400 (Easte[...]

Deleted : user_pref(\"CommunityToolbar.alert.locale\", \"en\");

Deleted : user_pref(\"CommunityToolbar.alert.loginIntervalMin\", 1440);

Deleted : user_pref(\"CommunityToolbar.alert.loginLastCheckTime\", \"Tue Mar 13 2012 14:27:39 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CommunityToolbar.alert.loginLastUpdateTime\", \"1313487611\");

Deleted : user_pref(\"CommunityToolbar.alert.messageShowTimeSec\", 20);

Deleted : user_pref(\"CommunityToolbar.alert.showTrayIcon\", false);

Deleted : user_pref(\"CommunityToolbar.alert.userCloseIntervalMin\", 300);

Deleted : user_pref(\"CommunityToolbar.alert.userId\", \"b4637f22-1ac5-4709-9ebe-218a57da0a21\");

Deleted : user_pref(\"CommunityToolbar.facebook.settingsLastCheckTime\", \"Tue Mar 13 2012 14:27:41 GMT-0400 (Eas[...]

Deleted : user_pref(\"CommunityToolbar.globalUserId\", \"99c19bf0-9270-49a6-b2fc-e14eb69d56a2\");

Deleted : user_pref(\"CommunityToolbar.isAlertUrlAddedToFeedItemTable\", true);

Deleted : user_pref(\"CommunityToolbar.isClickActionAddedToFeedItemTable\", true);

Deleted : user_pref(\"CommunityToolbar.notifications.alertDialogsGetterLastCheckTime\", \"Thu May 23 2013 14:11:2[...]

Deleted : user_pref(\"CommunityToolbar.notifications.alertInfoInterval\", 60);

Deleted : user_pref(\"CommunityToolbar.notifications.alertInfoLastCheckTime\", \"Thu May 23 2013 14:11:28 GMT-040[...]

Deleted : user_pref(\"CommunityToolbar.notifications.locale\", \"en\");

Deleted : user_pref(\"CommunityToolbar.notifications.loginIntervalMin\", 1440);

Deleted : user_pref(\"CommunityToolbar.notifications.loginLastCheckTime\", \"Thu May 23 2013 14:11:20 GMT-0400 (E[...]

Deleted : user_pref(\"CommunityToolbar.notifications.loginLastUpdateTime\", \"1313487611\");

Deleted : user_pref(\"CommunityToolbar.notifications.messageShowTimeSec\", 20);

Deleted : user_pref(\"CommunityToolbar.notifications.showTrayIcon\", false);

Deleted : user_pref(\"CommunityToolbar.notifications.userCloseIntervalMin\", 300);

Deleted : user_pref(\"CommunityToolbar.notifications.userId\", \"01dc6a76-d9da-43a5-81be-a1ace04bd61f\");

Deleted : user_pref(\"ConduitEngine.AppTrackingLastCheckTime\", \"Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Dayl[...]

Deleted : user_pref(\"ConduitEngine.CTID\", \"ConduitEngine\");

Deleted : user_pref(\"ConduitEngine.DialogsGetterLastCheckTime\", \"Tue Mar 13 2012 14:27:44 GMT-0400 (Eastern Da[...]

Deleted : user_pref(\"ConduitEngine.FirstServerDate\", \"08/12/2011 21\");

Deleted : user_pref(\"ConduitEngine.FirstTime\", true);

Deleted : user_pref(\"ConduitEngine.FirstTimeFF3\", true);

Deleted : user_pref(\"ConduitEngine.FixPageNotFoundErrors\", false);

Deleted : user_pref(\"ConduitEngine.HasUserGlobalKeys\", true);

Deleted : user_pref(\"ConduitEngine.Initialize\", true);

Deleted : user_pref(\"ConduitEngine.InitializeCommonPrefs\", true);

Deleted : user_pref(\"ConduitEngine.InstallationType\", \"UnknownIntegration\");

Deleted : user_pref(\"ConduitEngine.InstalledDate\", \"Thu Jul 21 2011 16:16:56 GMT-0400 (Eastern Daylight Time)\"[...]

Deleted : user_pref(\"ConduitEngine.IsMulticommunity\", false);

Deleted : user_pref(\"ConduitEngine.IsOpenThankYouPage\", false);

Deleted : user_pref(\"ConduitEngine.IsOpenUninstallPage\", false);

Deleted : user_pref(\"ConduitEngine.LanguagePackLastCheckTime\", \"Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Day[...]

Deleted : user_pref(\"ConduitEngine.LastLogin_3.3.3.2\", \"Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref(\"ConduitEngine.SearchFromAddressBarIsInit\", true);

Deleted : user_pref(\"ConduitEngine.SettingsLastCheckTime\", \"Tue Mar 13 2012 14:27:43 GMT-0400 (Eastern Dayligh[...]

Deleted : user_pref(\"ConduitEngine.UserID\", \"UN50266112501409237\");

Deleted : user_pref(\"ConduitEngine.engineLocale\", \"en-US\");

Deleted : user_pref(\"ConduitEngine.enngineContextMenuLastCheckTime\", \"Tue Mar 13 2012 14:27:43 GMT-0400 (Easte[...]

Deleted : user_pref(\"ConduitEngine.globalFirstTimeInfoLastCheckTime\", \"Tue Mar 13 2012 14:27:43 GMT-0400 (East[...]

Deleted : user_pref(\"ConduitEngine.initDone\", true);

Deleted : user_pref(\"ConduitEngine.isAppTrackingManagerOn\", true);

Deleted : user_pref(\"browser.babylon.HPOnNewTab\", \"search.babylon.com\");

Deleted : user_pref(\"browser.search.defaultenginename\", \"Search the web (Babylon)\");

Deleted : user_pref(\"browser.search.order.1\", \"Search the web (Babylon)\");

Deleted : user_pref(\"extensions.3499ur3ur4hfsudfs.scode\", \"\\n(function(){var bdomains={\\\"search.babylon.com\\\":[...]

Deleted : user_pref(\"extensions.BabylonToolbar.admin\", false);

Deleted : user_pref(\"extensions.BabylonToolbar.aflt\", \"babsst\");

Deleted : user_pref(\"extensions.BabylonToolbar.babExt\", \"\");

Deleted : user_pref(\"extensions.BabylonToolbar.babTrack\", \"affID=111387\");

Deleted : user_pref(\"extensions.BabylonToolbar.bbDpng\", 13);

Deleted : user_pref(\"extensions.BabylonToolbar.dfltLng\", \"en\");

Deleted : user_pref(\"extensions.BabylonToolbar.dfltSrch\", true);

Deleted : user_pref(\"extensions.BabylonToolbar.hmpg\", true);

Deleted : user_pref(\"extensions.BabylonToolbar.id\", \"d8fc2e690000000000000015afcdf804\");

Deleted : user_pref(\"extensions.BabylonToolbar.instlDay\", \"15410\");

Deleted : user_pref(\"extensions.BabylonToolbar.instlRef\", \"sst\");

Deleted : user_pref(\"extensions.BabylonToolbar.lastDP\", 13);

Deleted : user_pref(\"extensions.BabylonToolbar.lastVrsnTs\", \"1.5.3.1711:23:56\");

Deleted : user_pref(\"extensions.BabylonToolbar.mntrFFxVrsn\", \"3.5\");

Deleted : user_pref(\"extensions.BabylonToolbar.newTab\", true);

Deleted : user_pref(\"extensions.BabylonToolbar.noFFXTlbr\", false);

Deleted : user_pref(\"extensions.BabylonToolbar.prdct\", \"BabylonToolbar\");

Deleted : user_pref(\"extensions.BabylonToolbar.propectorlck\", 70223315);

Deleted : user_pref(\"extensions.BabylonToolbar.prtkDS\", 1);

Deleted : user_pref(\"extensions.BabylonToolbar.prtkHmpg\", 1);

Deleted : user_pref(\"extensions.BabylonToolbar.prtnrId\", \"babylon\");

Deleted : user_pref(\"extensions.BabylonToolbar.ptch_0717\", true);

Deleted : user_pref(\"extensions.BabylonToolbar.smplGrp\", \"none\");

Deleted : user_pref(\"extensions.BabylonToolbar.srcExt\", \"ss\");

Deleted : user_pref(\"extensions.BabylonToolbar.tlbrId\", \"base\");

Deleted : user_pref(\"extensions.BabylonToolbar.vrsn\", \"1.5.3.17\");

Deleted : user_pref(\"extensions.BabylonToolbar.vrsnTs\", \"1.5.3.1711:23:56\");

Deleted : user_pref(\"extensions.BabylonToolbar.vrsni\", \"1.5.3.17\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.aflt\", \"babsst\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.babExt\", \"\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.babTrack\", \"affID=111387\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.hardId\", \"d8fc2e690000000000000015afcdf804\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.id\", \"d8fc2e690000000000000015afcdf804\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.instlDay\", \"15410\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.instlRef\", \"sst\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.newTab\", false);

Deleted : user_pref(\"extensions.BabylonToolbar_i.prdct\", \"BabylonToolbar\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.prtnrId\", \"babylon\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.smplGrp\", \"none\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.srcExt\", \"ss\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.tlbrId\", \"base\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.vrsn\", \"1.5.3.17\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.vrsnTs\", \"1.5.3.1711:23:56\");

Deleted : user_pref(\"extensions.BabylonToolbar_i.vrsni\", \"1.5.3.17\");

Deleted : user_pref(\"extensions.crossriderapp21804.adsOldValue\", -1);

Deleted : user_pref(\"extensions.snipit.askTbInstalled\", true);

-\\\\ Google Chrome v27.0.1453.110

File : C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34731 octets] - [08/06/2013 07:53:28]

########## EOF - C:\\AdwCleaner[S1].txt - [34792 octets] ##########

Tech Clinic / Please help! Malware

« on: June 08, 2013, 07:13:09 AM »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista (TM) Home Premium x86

Ran by jon on Sat 06/08/2013 at 8:08:04.84

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\clsid\\{22222222-2222-2222-2222-220222182204}

~~~ Files

Successfully deleted: [File] \"C:\\Windows\\system32\\turegopt.exe\"

~~~ Folders

Successfully deleted: [Folder] \"C:\\Users\\jon\\AppData\\Roaming\\microsoft\\windows\\start menu\\programs\\free ride games\"

~~~ FireFox

Successfully deleted: [File] C:\\Users\\jon\\AppData\\Roaming\\mozilla\\firefox\\profiles\\hj43tfiy.default\\searchplugins\\bing-zugo.xml

Successfully deleted: [Folder] C:\\Users\\jon\\AppData\\Roaming\\mozilla\\firefox\\profiles\\hj43tfiy.default\\extensions\\[email protected]

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\Extensions\\\\[email protected]

Successfully deleted the following from C:\\Users\\jon\\AppData\\Roaming\\mozilla\\firefox\\profiles\\hj43tfiy.default\\prefs.js

user_pref(\"[email protected]\", true);

Emptied folder: C:\\Users\\jon\\AppData\\Roaming\\mozilla\\firefox\\profiles\\hj43tfiy.default\\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\\Software\\Google\\Chrome\\Extensions\\jneaojaoiajhnemidnjhoempalnidbhj

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/08/2013 at 8:11:28.18

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tech Clinic / Please help! Malware

« on: June 07, 2013, 09:03:59 PM »

Here are both log files

OTL logfile created on: 6/7/2013 9:47:31 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\jon\\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free

9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free

Paging file location(s): d:\\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS

Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS

Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

Computer Name: DARKO | User Name: jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\\Program Files\\Google\\Update\\1.3.21.145\\GoogleCrashHandler.exe

PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe