Author Topic: many problems  (Read 913 times)

x_breath_x
« on: December 29, 2013, 09:02:43 PM »

Well, the first problem I'm having is my computer says rundll32 is not working when I boot up my computer. The second problem I'm having is my battery does not work on my laptop. When I unplug my power cord it immediately goes black and shuts down. And last, when I try to do a log file it says "For some reason your system denied write access to the host file. If any hijacked domains are in this file HijackThis may not be able to fix this. If that happens you need to edit the file yourself. To do this click Start, Run and type: notepad c:\windows\system32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' with quotes and reboot. For Vista (which I have) simply exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'." But I don't see a Run as administrator option. And it does not allow me to get the log file either.



guestolo (Administrator)
« Reply #1 on: December 30, 2013, 06:21:53 PM »
Can you do the following: Forget about HijackThis, we'll use other tools for now.

Download OTL.exe by OldTimer (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Select "Scan All Users"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


x_breath_x
« Reply #2 on: January 04, 2014, 05:08:21 PM »

I apologize for taking so long. Christmas and everything being hectic. Here are the logs.


 


 


OTL.txt---

OTL logfile created on: 1/4/2014 3:47:32 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\norad\\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free

8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS

Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS

Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\norad\\Desktop\\OTL.exe

PRC - [2013/12/16 03:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\cltmng.exe

PRC - [2013/12/16 03:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\UI\\bin\\cltmngui.exe

PRC - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\Main\\bin\\CltMngSvc.exe

PRC - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\\Program Files (x86)\\Highlightly\\Service\\hlsvc.exe

PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe

PRC - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

PRC - [2013/11/08 18:51:17 | 001,707,472 | ---- | M] (APN) -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe

PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe

PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe

PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\DVDAgent.exe

PRC - [2008/09/25 20:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMLSvc.exe

PRC - [2008/09/25 20:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\TSMAgent.exe

PRC - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () -- C:\\Program Files (x86)\\SMINST\\BLService.exe

PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BluetoothHeadsetProxy.exe

PRC - [1622/05/04 11:26:22 | 000,999,200 | ---- | M] (Conduit Ltd.) -- C:\\Users\\norad\\AppData\\Local\\NativeMessaging\\CT3306061\\1_0_0_6\\TBMessagingHost.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\PepperFlash\\pepflashplayer.dll

MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\pdf.dll

MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ffmpegsumo.dll

MOD - [2013/10/26 14:47:18 | 000,978,944 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\f453ecc6bb7fc8d52d61247676944623\\System.Configuration.ni.dll

MOD - [2013/10/18 17:04:46 | 012,434,432 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\73d9bc894522543b561a0342dac87c06\\System.Windows.Forms.ni.dll

MOD - [2013/10/18 17:03:44 | 014,329,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationFramewo#\\f228cc72a6647716127cd44ca416e6dc\\PresentationFramework.ni.dll

MOD - [2013/10/18 17:03:02 | 012,218,880 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationCore\\b2482534bee5c520cdfe9c8f7df6a92f\\PresentationCore.ni.dll

MOD - [2013/10/18 17:02:31 | 003,325,440 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\WindowsBase\\c16ade1485996fa4981edc7df436a15b\\WindowsBase.ni.dll

MOD - [2013/08/15 02:45:58 | 000,998,400 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\e77e7cdf3072d5a658832b8863ff439e\\System.Management.ni.dll

MOD - [2013/08/15 02:44:54 | 000,771,584 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Runtime.Remo#\\b167ef6967ad27503c6ac6aabcef1aff\\System.Runtime.Remoting.ni.dll

MOD - [2013/08/15 02:44:52 | 000,627,712 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.EnterpriseSe#\\5ba1ebef462c4f9cb1a8fe05c0419d0e\\System.EnterpriseServices.ni.dll

MOD - [2013/08/15 02:44:52 | 000,627,200 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\9e0ade6fc2bcb5fbd4c8978bf92784a3\\System.Transactions.ni.dll

MOD - [2013/08/15 02:44:52 | 000,280,064 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.EnterpriseSe#\\5ba1ebef462c4f9cb1a8fe05c0419d0e\\System.EnterpriseServices.Wrapper.dll

MOD - [2013/08/15 02:38:19 | 005,462,016 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\09f5b3f7a363b742a73937e818595597\\System.Xml.ni.dll

MOD - [2013/08/15 02:37:56 | 001,593,344 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\c0df7e124d8d5e2821fd7d3921d404f7\\System.Drawing.ni.dll

MOD - [2013/08/15 02:37:43 | 006,622,208 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1eff630f4194c74287d1dd4a859693f7\\System.Data.ni.dll

MOD - [2013/08/15 02:36:46 | 007,977,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\d7153acb7b6ccb5a6a886d6f0ab732b1\\System.ni.dll

MOD - [2013/07/10 02:53:35 | 000,368,128 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationFramewo#\\af7b745f6a06b800c73f1556553fe331\\PresentationFramework.Aero.ni.dll

MOD - [2013/07/10 02:52:54 | 011,497,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\6a938df70a8b7996a3890b4f34c83906\\mscorlib.ni.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\\Windows\\SysWOW64\\msjetoledb40.dll

MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.Wrapper.dll

MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll

MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll

MOD - [2008/09/30 17:56:06 | 000,032,768 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\Content.XmlSerializers.dll

MOD - [2008/09/30 17:52:02 | 000,007,168 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\RemotingClient.dll

MOD - [2008/09/30 17:52:00 | 000,057,344 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\Pillars\\PCAlerts\\PCAlertsPillar.dll

MOD - [2008/09/30 17:51:52 | 000,118,784 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\ECLibrary.dll

MOD - [2008/09/30 17:51:52 | 000,010,240 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingClients.dll

MOD - [2008/09/30 17:51:36 | 000,040,960 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingServer.dll

MOD - [2008/09/30 17:51:36 | 000,028,672 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingMessages.dll

MOD - [2008/09/30 17:51:36 | 000,005,632 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingInterface.dll

MOD - [2008/09/25 20:42:26 | 000,881,960 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMediaLibrary.dll

MOD - [2008/06/29 17:10:18 | 000,028,672 | ---- | M] () -- C:\\Program Files (x86)\\CyberLink\\Shared files\\richvideops.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMService.exe -- (WDDMService)

SRV:64bit: - [2008/09/11 05:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\\Windows\\SysNative\\DriverStore\\FileRepository\\stwrt64.inf_bd5387da\\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/06/27 09:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\DriverStore\\FileRepository\\stwrt64.inf_bd5387da\\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\Windows\\SysNative\\agr64svc.exe -- (AgereModemAudio)

SRV - [2013/12/28 12:22:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\\Program Files (x86)\\SearchProtect\\Main\\bin\\CltMngSvc.exe -- (CltMngSvc)

SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\\Program Files (x86)\\Highlightly\\Service\\hlsvc.exe -- (hlsvc)

SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\apnmcp.exe -- (APNMCP)

SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe -- (avgwd)

SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files (x86)\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\\Program Files (x86)\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\\Program Files (x86)\\SMINST\\BLService.exe -- (Recovery Service for Windows)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/12/04 13:46:36 | 000,058,256 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\hlnfd.sys -- (hlnfd)

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\Drivers\\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/03/31 10:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\NETw5v64.sys -- (NETw5v64)

DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/09/11 05:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/08/05 21:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2008/07/22 09:42:34 | 000,170,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/07/21 04:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/06/23 05:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/06/23 05:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/06/23 05:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2008/04/28 19:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\enecir.sys -- (enecir)

DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\NETw3v64.sys -- (NETw3v64)

DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\sdbus.sys -- (sdbus)

DRV:64bit: - [2008/01/18 05:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\yk60x64.sys -- (yukonx64)

DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 



IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {5D9FA932-8D8C-40EC-9192-A538B6854A52}

IE:64bit: - HKLM\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE:64bit: - HKLM\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF


IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm


IE - HKLM\\..\\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

IE - HKLM\\..\\SearchScopes,DefaultScope = {3E37E123-445C-4848-8E34-279F96B6BD39}

IE - HKLM\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\\..\\SearchScopes\\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2

IE - HKLM\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

 

 

IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0

IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.conduit.com/?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&S41CIE%C2

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\searchhook.dll (APN LLC.)

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&q={searchTerms}&S41CIE

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{3E37E123-445C-4848-8E34-279F96B6BD39}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN60480715371022752&UM=2&SSPV=S41CIE

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{5815a829-6908-46b0-8b10-0036b333371e}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..CT3309759.browser.search.defaultthis.engineName: "true"

FF - prefs.js..browser.search.defaultthis.engineName: "Swirlz Customized Web Search"


FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.119

FF - prefs.js..extensions.enabledAddons: %7B4cb3c467-0d72-44e6-9237-750b9b8b5ac9%7D:10.23.0.726

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116

FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0

FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.93.148

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

 

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_9_900_170.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_9_900_170.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre7\\bin\\new_plugin\\npjp2.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\norad\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\norad\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected] [2013/12/28 12:57:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Thunderbird\\Extensions\\\\[email protected]: C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\EXTENSIONS\\\\{57c20073-e24b-4b2a-aa91-70d1ad526cbf}: C:\\Program Files (x86)\\PassShow\\150.xpi [2013/12/29 15:32:22 | 000,011,866 | ---- | M] ()

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\EXTENSIONS\\\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\\ [2013/12/29 15:32:54 | 000,000,000 | ---D | M]

 

[2009/06/07 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Extensions

[2013/12/29 14:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions

[2010/05/25 18:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2013/12/28 12:25:02 | 000,000,000 | ---D | M] (Swirlz) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{4cb3c467-0d72-44e6-9237-750b9b8b5ac9}

[2013/08/23 16:34:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2013/12/28 11:41:17 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com

[2013/12/28 12:12:33 | 000,000,000 | ---D | M] ("Plus-HD-1.2") -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData\\plugins

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData\\userCode

[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData

[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData\\plugins

[2013/12/28 11:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData\\userCode

[2013/07/24 17:40:12 | 000,002,546 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\ask-search.xml

[2013/12/28 11:59:04 | 000,000,975 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\conduit-search.xml

[2013/12/28 12:25:05 | 000,001,017 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\conduit.xml

[2013/12/28 12:01:03 | 000,001,368 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\iminent.xml

[2013/12/28 21:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] () -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected]

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2013/12/28 12:58:03 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/12/28 12:04:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Conduit Search (Enabled)



CHR - Extension: Highlightly = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cmclajginlihohopoeofghddnhpplhom\\1.9.0.0_1\\

CHR - Extension: PassShow = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dhogjnnleghndloamdkljhnhdchpcijl\\1.150_0\\

CHR - Extension: Connect DLC 5 = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lipgolpfajiadodbcbljdpmbmbdmfcil\\10.23.0.728_0\\

CHR - Extension: Connect DLC 5 = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lipgolpfajiadodbcbljdpmbmbdmfcil\\10.23.0.728_0\\nativeMessaging\\nmHost

CHR - Extension: Swirlz = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lmcedemcahkmaidbipmniofjcocajlgk\\10.24.3.503_0\\

CHR - Extension: Swirlz = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lmcedemcahkmaidbipmniofjcocajlgk\\10.24.3.503_0\\nativeMessaging\\nmHost

CHR - Extension: Google Wallet = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_1\\

 

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\\Program Files (x86)\\Plus-HD-1.2\\Plus-HD-1.2-bho64.dll File not found

O2:64bit: - BHO: (weDownload Manager) - {11111111-1111-1111-1111-110311431144} - C:\\Program Files (x86)\\weDownload Manager\\weDownload Manager-bho64.dll File not found

O2:64bit: - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\\Program Files\\Highlightly\\IE\\HighlightlyClientIE.dll (Highlightly)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (PassShow) - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\\Program Files (x86)\\PassShow\\150.dll ()

O2 - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\\Program Files (x86)\\Highlightly\\IE\\HighlightlyClientIE.dll (Highlightly)

O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits\\GreatArcadeHitsIE.dll (GreatArcadeHits)

O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\\Program Files (x86)\\MSN\\Toolbar\\3.0.0541.0\\msneshellx.dll (Microsoft Corp.)

O3:64bit: - HKLM\\..\\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O3 - HKLM\\..\\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\\Program Files (x86)\\MSN\\Toolbar\\3.0.0541.0\\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\\..\\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O3 - HKLM\\..\\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O3:64bit: - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O3 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O3 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O4:64bit: - HKLM..\\Run: [NvCplDaemon] C:\\Windows\\SysNative\\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [NvMediaCenter] C:\\Windows\\SysNative\\NvMcTray.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [SmartMenu] C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\\Run: [SysTrayApp] C:\\Program Files\\IDT\\WDM\\sttray64.exe (IDT, Inc.)

O4 - HKLM..\\Run: [ApnTBMon] C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe (APN)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [AVG_UI] C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CLMLServer for HP TouchSmart] C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMLSvc.exe (CyberLink)

O4 - HKLM..\\Run: [DVDAgent] C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [HP Health Check Scheduler] c:\\Program Files (x86)\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\\Run: [mobilegeni daemon] \"C:\\Program Files (x86)\\Mobogenie\\DaemonProcess.exe\" File not found

O4 - HKLM..\\Run: [TSMAgent] C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UCam_Menu] C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdateLBPShortCut] C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdateP2GoShortCut] C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdatePDIRShortCut] C:\\Program Files (x86)\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdatePSTShortCut] C:\\Program Files (x86)\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\\S-1-5-19..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-19..\\Run: [WindowsWelcomeCenter] C:\\Windows\\SysWow64\\oobefldr.dll (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\Run: [WindowsWelcomeCenter] C:\\Windows\\SysWow64\\oobefldr.dll (Microsoft Corporation)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [AVG-Secure-Search-Update_1213b] C:\\Users\\norad\\AppData\\Roaming\\AVG 1213b Campaign\\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8fab85a0119147d38b19d16d38c0aeb6-f4a11d3e10dbebc28f3e5788a17788f15546486a /CMPID=1213b File not found

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [HP Photosmart 6510 series (NET)] C:\\Program Files\\HP\\HP Photosmart 6510 series\\Bin\\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [NextLive] C:\\Users\\norad\\AppData\\Roaming\\newnext.me\\nengine.dll (NewNextDotMe)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [WMPNSCFG] C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9:64bit: - Extra \'Tools\' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra \'Tools\' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9 - Extra \'Tools\' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\\.DEFAULT\\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\\S-1-5-18\\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..Trusted Ranges: Range1 ([http] in Local intranet)


O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://unkmail2.unk.edu/dwa8W.cab (Domino Web Access 8 Control)



O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{848D19DE-381B-4946-AF29-2D20A8A1E0E7}: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: DhcpNameServer = 74.40.74.40 74.40.74.41 192.168.254.254

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll) - C:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll (Conduit)

O20:64bit: - AppInit_DLLs: (C:\\PROGRA~2\\OPTIMI~1\\OPTPRO~2.DLL) -  File not found

O20 - AppInit_DLLs: (c:\\progra~2\\searchprotect\\searchprotect\\bin\\spvc32loader.dll) - c:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll (Conduit)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{2e6a7335-2dc0-11de-be65-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{2e6a7335-2dc0-11de-be65-00247e244745}\\Shell\\AutoRun\\command - \"\" = F:\\LaunchU3.exe -a

O33 - MountPoints2\\{30da73e7-f32e-11df-b660-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{30da73e7-f32e-11df-b660-00247e244745}\\Shell\\AutoRun\\command - \"\" = G:\\LaunchU3.exe -a

O33 - MountPoints2\\{d4c18fac-d416-11df-91d0-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{d4c18fac-d416-11df-91d0-00247e244745}\\Shell\\AutoRun\\command - \"\" = \"G:\\WD SmartWare.exe\" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/04 15:46:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\norad\\Desktop\\OTL.exe

[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Trend Micro

[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2013/12/29 15:33:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\.android

[2013/12/29 15:33:26 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\cache

[2013/12/29 15:33:23 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\newnext.me

[2013/12/29 15:33:22 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\genienext

[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\Documents\\Mobogenie

[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Mobogenie

[2013/12/29 15:32:54 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits

[2013/12/29 15:32:35 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\AVG2014

[2013/12/29 15:32:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\PassShow

[2013/12/29 15:31:15 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Connect_DLC_5

[2013/12/29 15:30:46 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\AVG

[2013/12/29 15:30:43 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\TuneUp Software

[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\ToniArts

[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\EasyCleaner

[2013/12/29 15:27:15 | 000,000,000 | -H-D | C] -- C:\\$AVG

[2013/12/29 15:27:15 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AVG2014

[2013/12/29 15:25:03 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\AVG

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\MFAData

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\ProgramData\\MFAData

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Avg2014

[2013/12/29 15:16:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2013/12/29 15:16:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2013/12/29 15:16:18 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2013/12/29 15:13:51 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Licenses

[2013/12/29 15:13:43 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SpywareBlaster

[2013/12/29 15:13:39 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SpywareBlaster

[2013/12/29 15:13:27 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SearchProtect

[2013/12/29 15:12:11 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\sweetpacks bundle uninstaller

[2013/12/29 15:03:33 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\AskPartnerNetwork

[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AskPartnerNetwork

[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\AskPartnerNetwork

[2013/12/29 15:00:54 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Oracle

[2013/12/29 14:59:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2013/12/29 14:59:27 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2013/12/29 03:07:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmled.dll

[2013/12/29 03:07:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmled.dll

[2013/12/29 03:07:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieui.dll

[2013/12/29 03:07:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieui.dll

[2013/12/29 03:07:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieUnatt.exe

[2013/12/29 03:07:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieUnatt.exe

[2013/12/29 03:07:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\url.dll

[2013/12/29 03:07:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\url.dll

[2013/12/29 03:07:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inetcpl.cpl

[2013/12/29 03:07:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inetcpl.cpl

[2013/12/29 03:07:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeeds.dll

[2013/12/29 03:07:30 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript9.dll

[2013/12/29 03:07:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript.dll

[2013/12/29 03:07:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\jscript.dll

[2013/12/29 03:07:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\vbscript.dll

[2013/12/28 21:04:19 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Activeris

[2013/12/28 21:00:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\QuickScan

[2013/12/28 12:57:48 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Mozilla Firefox

[2013/12/28 12:29:59 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Optimizer Pro

[2013/12/28 12:26:43 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Plus-HD-1.2

[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Swirlz

[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Conduit

[2013/12/28 12:25:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\NativeMessaging

[2013/12/28 12:25:25 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Conduit

[2013/12/28 12:25:23 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\CRE

[2013/12/28 12:25:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Conduit

[2013/12/28 12:25:07 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\SearchProtect

[2013/12/28 12:24:40 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\\Users\\norad\\Desktop\\FLVMPlayer.exe

[2013/12/28 12:24:21 | 000,000,000 | ---D | C] -- C:\\Program Files\\Highlightly

[2013/12/28 12:24:20 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Highlightly

[2013/12/28 12:06:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\Uninstaller

[2013/12/28 12:01:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\Level Quality Watcher

[2013/12/28 11:57:43 | 000,000,000 | ---D | C] -- C:\\c335b1860269ab3a89494966

[2013/12/28 11:56:39 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\SwvUpdater

[2013/12/28 11:53:45 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\SearchProtect

[2013/12/28 11:52:07 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\scrrun.dll

[2013/12/28 11:52:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\cscript.exe

[2013/12/28 11:52:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wshom.ocx

[2013/12/28 11:52:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wshom.ocx

[2013/12/28 11:52:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\scrrun.dll

[2013/12/28 11:52:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\cscript.exe

[2013/12/28 11:52:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wshcon.dll

[2013/12/28 11:51:45 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\imagehlp.dll

[2013/12/28 11:50:53 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\SysFxUI.dll

[2013/12/28 11:50:53 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\portcls.sys

[2013/12/28 11:50:53 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\drmk.sys

[5 C:\\Users\\norad\\Documents\\*.tmp files -> C:\\Users\\norad\\Documents\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/04 15:54:34 | 000,000,856 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000Core.job

[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\\Windows\\SysNative\\7

Offline x_breath_x

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +0/-0
    • View Profile
many problems
« Reply #3 on: January 04, 2014, 05:11:30 PM »

I apologize for taking so long. Christmas and everything being hectic. Here are the logs.

OTL.txt---

OTL logfile created on: 1/4/2014 3:47:32 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\norad\\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

4.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.32% Memory free

8.19 Gb Paging File | 5.48 Gb Available in Paging File | 66.85% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 284.11 Gb Total Space | 166.72 Gb Free Space | 58.68% Space Free | Partition Type: NTFS

Drive D: | 13.98 Gb Total Space | 2.13 Gb Free Space | 15.21% Space Free | Partition Type: NTFS

Drive E: | 30.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: NORAD-PC | User Name: norad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/04 15:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\norad\\Desktop\\OTL.exe

PRC - [2013/12/16 03:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\cltmng.exe

PRC - [2013/12/16 03:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\UI\\bin\\cltmngui.exe

PRC - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\\Program Files (x86)\\SearchProtect\\Main\\bin\\CltMngSvc.exe

PRC - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) -- C:\\Program Files (x86)\\Highlightly\\Service\\hlsvc.exe

PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe

PRC - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

PRC - [2013/11/08 18:51:17 | 001,707,472 | ---- | M] (APN) -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe

PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe

PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe

PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\DVDAgent.exe

PRC - [2008/09/25 20:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMLSvc.exe

PRC - [2008/09/25 20:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\TSMAgent.exe

PRC - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () -- C:\\Program Files (x86)\\SMINST\\BLService.exe

PRC - [2008/06/19 16:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BluetoothHeadsetProxy.exe

PRC - [1622/05/04 11:26:22 | 000,999,200 | ---- | M] (Conduit Ltd.) -- C:\\Users\\norad\\AppData\\Local\\NativeMessaging\\CT3306061\\1_0_0_6\\TBMessagingHost.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\PepperFlash\\pepflashplayer.dll

MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\pdf.dll

MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\Application\\31.0.1650.63\\ffmpegsumo.dll

MOD - [2013/10/26 14:47:18 | 000,978,944 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\f453ecc6bb7fc8d52d61247676944623\\System.Configuration.ni.dll

MOD - [2013/10/18 17:04:46 | 012,434,432 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\73d9bc894522543b561a0342dac87c06\\System.Windows.Forms.ni.dll

MOD - [2013/10/18 17:03:44 | 014,329,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationFramewo#\\f228cc72a6647716127cd44ca416e6dc\\PresentationFramework.ni.dll

MOD - [2013/10/18 17:03:02 | 012,218,880 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationCore\\b2482534bee5c520cdfe9c8f7df6a92f\\PresentationCore.ni.dll

MOD - [2013/10/18 17:02:31 | 003,325,440 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\WindowsBase\\c16ade1485996fa4981edc7df436a15b\\WindowsBase.ni.dll

MOD - [2013/08/15 02:45:58 | 000,998,400 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\e77e7cdf3072d5a658832b8863ff439e\\System.Management.ni.dll

MOD - [2013/08/15 02:44:54 | 000,771,584 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Runtime.Remo#\\b167ef6967ad27503c6ac6aabcef1aff\\System.Runtime.Remoting.ni.dll

MOD - [2013/08/15 02:44:52 | 000,627,712 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.EnterpriseSe#\\5ba1ebef462c4f9cb1a8fe05c0419d0e\\System.EnterpriseServices.ni.dll

MOD - [2013/08/15 02:44:52 | 000,627,200 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\9e0ade6fc2bcb5fbd4c8978bf92784a3\\System.Transactions.ni.dll

MOD - [2013/08/15 02:44:52 | 000,280,064 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.EnterpriseSe#\\5ba1ebef462c4f9cb1a8fe05c0419d0e\\System.EnterpriseServices.Wrapper.dll

MOD - [2013/08/15 02:38:19 | 005,462,016 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\09f5b3f7a363b742a73937e818595597\\System.Xml.ni.dll

MOD - [2013/08/15 02:37:56 | 001,593,344 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\c0df7e124d8d5e2821fd7d3921d404f7\\System.Drawing.ni.dll

MOD - [2013/08/15 02:37:43 | 006,622,208 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1eff630f4194c74287d1dd4a859693f7\\System.Data.ni.dll

MOD - [2013/08/15 02:36:46 | 007,977,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\d7153acb7b6ccb5a6a886d6f0ab732b1\\System.ni.dll

MOD - [2013/07/10 02:53:35 | 000,368,128 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\PresentationFramewo#\\af7b745f6a06b800c73f1556553fe331\\PresentationFramework.Aero.ni.dll

MOD - [2013/07/10 02:52:54 | 011,497,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\6a938df70a8b7996a3890b4f34c83906\\mscorlib.ni.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\\Windows\\SysWOW64\\msjetoledb40.dll

MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.EnterpriseServices\\2.0.0.0__b03f5f7f11d50a3a\\System.EnterpriseServices.Wrapper.dll

MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll

MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll

MOD - [2008/09/30 17:56:06 | 000,032,768 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\Content.XmlSerializers.dll

MOD - [2008/09/30 17:52:02 | 000,007,168 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\RemotingClient.dll

MOD - [2008/09/30 17:52:00 | 000,057,344 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\Pillars\\PCAlerts\\PCAlertsPillar.dll

MOD - [2008/09/30 17:51:52 | 000,118,784 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\ECLibrary.dll

MOD - [2008/09/30 17:51:52 | 000,010,240 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingClients.dll

MOD - [2008/09/30 17:51:36 | 000,040,960 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingServer.dll

MOD - [2008/09/30 17:51:36 | 000,028,672 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingMessages.dll

MOD - [2008/09/30 17:51:36 | 000,005,632 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\MessagingInterface.dll

MOD - [2008/09/25 20:42:26 | 000,881,960 | ---- | M] () -- C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMediaLibrary.dll

MOD - [2008/06/29 17:10:18 | 000,028,672 | ---- | M] () -- C:\\Program Files (x86)\\CyberLink\\Shared files\\richvideops.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMService.exe -- (WDDMService)

SRV:64bit: - [2008/09/11 05:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\\Windows\\SysNative\\DriverStore\\FileRepository\\stwrt64.inf_bd5387da\\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/06/27 09:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\DriverStore\\FileRepository\\stwrt64.inf_bd5387da\\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\Windows\\SysNative\\agr64svc.exe -- (AgereModemAudio)

SRV - [2013/12/28 12:22:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\\Program Files (x86)\\SearchProtect\\Main\\bin\\CltMngSvc.exe -- (CltMngSvc)

SRV - [2013/12/04 13:46:36 | 000,273,000 | ---- | M] (Highlightly) [Auto | Running] -- C:\\Program Files (x86)\\Highlightly\\Service\\hlsvc.exe -- (hlsvc)

SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/11/08 18:51:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\apnmcp.exe -- (APNMCP)

SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe -- (avgwd)

SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files (x86)\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\\Program Files (x86)\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/09/23 13:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\\Program Files (x86)\\SMINST\\BLService.exe -- (Recovery Service for Windows)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/12/04 13:46:36 | 000,058,256 | ---- | M] (Highlightly) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\hlnfd.sys -- (hlnfd)

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\DRIVERS\\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\Drivers\\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/03/31 10:26:20 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\NETw5v64.sys -- (NETw5v64)

DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2008/09/11 05:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/08/05 21:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2008/07/22 09:42:34 | 000,170,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/07/21 04:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/06/23 05:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/06/23 05:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/06/23 05:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2008/04/28 19:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\enecir.sys -- (enecir)

DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\DRIVERS\\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\NETw3v64.sys -- (NETw3v64)

DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\sdbus.sys -- (sdbus)

DRV:64bit: - [2008/01/18 05:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\DRIVERS\\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\DRIVERS\\yk60x64.sys -- (yukonx64)

DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 



IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {5D9FA932-8D8C-40EC-9192-A538B6854A52}

IE:64bit: - HKLM\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: \"URL\" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE:64bit: - HKLM\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: \"URL\" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF


IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm


IE - HKLM\\..\\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

IE - HKLM\\..\\SearchScopes,DefaultScope = {3E37E123-445C-4848-8E34-279F96B6BD39}

IE - HKLM\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: \"URL\" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\\..\\SearchScopes\\{5815a829-6908-46b0-8b10-0036b333371e}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2

IE - HKLM\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: \"URL\" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

 

 

IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

 

 

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.conduit.com/?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&S41CIE%C2

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\searchhook.dll (APN LLC.)

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: \"URL\" = http://search.conduit.com/Results.aspx?ctid=CT3306061&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN60480715371022752&UM=2&UP=SPCBA30609-FFB3-46F8-89FC-F54D4DAAD445&q={searchTerms}&S41CIE

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{3CF2481F-854A-41B7-9CDF-7113C60591B3}: \"URL\" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{3E37E123-445C-4848-8E34-279F96B6BD39}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN60480715371022752&UM=2&SSPV=S41CIE

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{5815a829-6908-46b0-8b10-0036b333371e}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\SearchScopes\\{5D9FA932-8D8C-40EC-9192-A538B6854A52}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = *.local

 

========== FireFox ==========

 

FF - prefs.js..CT3309759.browser.search.defaultthis.engineName: \"true\"

FF - prefs.js..browser.search.defaultthis.engineName: \"Swirlz Customized Web Search\"


FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.119

FF - prefs.js..extensions.enabledAddons: %7B4cb3c467-0d72-44e6-9237-750b9b8b5ac9%7D:10.23.0.726

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116

FF - prefs.js..extensions.enabledAddons: gethighlightly%40gethighlightly.com:1.9.0.0

FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.93.148

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

 

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_9_900_170.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_9_900_170.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre7\\bin\\new_plugin\\npjp2.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\norad\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\norad\\AppData\\Local\\Google\\Update\\1.3.22.3\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected] [2013/12/28 12:57:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Thunderbird\\Extensions\\\\[email protected]: C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\Mozilla Thunderbird

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\EXTENSIONS\\\\{57c20073-e24b-4b2a-aa91-70d1ad526cbf}: C:\\Program Files (x86)\\PassShow\\150.xpi [2013/12/29 15:32:22 | 000,011,866 | ---- | M] ()

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\EXTENSIONS\\\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\\ [2013/12/29 15:32:54 | 000,000,000 | ---D | M]

 

[2009/06/07 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Extensions

[2013/12/29 14:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions

[2010/05/25 18:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2013/12/28 12:25:02 | 000,000,000 | ---D | M] (Swirlz) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{4cb3c467-0d72-44e6-9237-750b9b8b5ac9}

[2013/08/23 16:34:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2013/12/28 11:41:17 | 000,000,000 | ---D | M] (\"weDownload Manager\") -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com

[2013/12/28 12:12:33 | 000,000,000 | ---D | M] (\"Plus-HD-1.2\") -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData\\plugins

[2013/12/29 13:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\\extensionData\\userCode

[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData

[2013/12/28 11:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData\\plugins

[2013/12/28 11:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\extensions\\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\\extensionData\\userCode

[2013/07/24 17:40:12 | 000,002,546 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\ask-search.xml

[2013/12/28 11:59:04 | 000,000,975 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\conduit-search.xml

[2013/12/28 12:25:05 | 000,001,017 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\conduit.xml

[2013/12/28 12:01:03 | 000,001,368 | ---- | M] () -- C:\\Users\\norad\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lf207zuh.default\\searchplugins\\iminent.xml

[2013/12/28 21:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] () -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\[email protected]

[2013/12/28 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2013/12/28 12:58:03 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/12/28 12:04:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Conduit Search (Enabled)



CHR - Extension: Highlightly = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\cmclajginlihohopoeofghddnhpplhom\\1.9.0.0_1\\

CHR - Extension: PassShow = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dhogjnnleghndloamdkljhnhdchpcijl\\1.150_0\\

CHR - Extension: Connect DLC 5 = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lipgolpfajiadodbcbljdpmbmbdmfcil\\10.23.0.728_0\\

CHR - Extension: Connect DLC 5 = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lipgolpfajiadodbcbljdpmbmbdmfcil\\10.23.0.728_0\\nativeMessaging\\nmHost

CHR - Extension: Swirlz = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lmcedemcahkmaidbipmniofjcocajlgk\\10.24.3.503_0\\

CHR - Extension: Swirlz = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lmcedemcahkmaidbipmniofjcocajlgk\\10.24.3.503_0\\nativeMessaging\\nmHost

CHR - Extension: Google Wallet = C:\\Users\\norad\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_1\\

 

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\\Program Files (x86)\\Plus-HD-1.2\\Plus-HD-1.2-bho64.dll File not found

O2:64bit: - BHO: (weDownload Manager) - {11111111-1111-1111-1111-110311431144} - C:\\Program Files (x86)\\weDownload Manager\\weDownload Manager-bho64.dll File not found

O2:64bit: - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\\Program Files\\Highlightly\\IE\\HighlightlyClientIE.dll (Highlightly)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (PassShow) - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\\Program Files (x86)\\PassShow\\150.dll ()

O2 - BHO: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O2 - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\\Program Files (x86)\\Highlightly\\IE\\HighlightlyClientIE.dll (Highlightly)

O2 - BHO: (GreatArcadeHits Add-on) - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits\\GreatArcadeHitsIE.dll (GreatArcadeHits)

O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\\Program Files (x86)\\MSN\\Toolbar\\3.0.0541.0\\msneshellx.dll (Microsoft Corp.)

O3:64bit: - HKLM\\..\\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O3 - HKLM\\..\\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\\Program Files (x86)\\MSN\\Toolbar\\3.0.0541.0\\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\\..\\Toolbar: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O3 - HKLM\\..\\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O3:64bit: - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport_x64.dll (APN LLC.)

O3 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Ask Toolbar) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\ORJ-V7C\\Passport.dll (APN LLC.)

O3 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..\\Toolbar\\WebBrowser: (Connect DLC 5 Toolbar) - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} - C:\\Program Files (x86)\\Connect_DLC_5\\prxtbConn.dll (Conduit Ltd.)

O4:64bit: - HKLM..\\Run: [NvCplDaemon] C:\\Windows\\SysNative\\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [NvMediaCenter] C:\\Windows\\SysNative\\NvMcTray.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\\Run: [SmartMenu] C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe (Hewlett-Packard)

O4:64bit: - HKLM..\\Run: [SysTrayApp] C:\\Program Files\\IDT\\WDM\\sttray64.exe (IDT, Inc.)

O4 - HKLM..\\Run: [ApnTBMon] C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe (APN)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [AVG_UI] C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CLMLServer for HP TouchSmart] C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\Kernel\\CLML\\CLMLSvc.exe (CyberLink)

O4 - HKLM..\\Run: [DVDAgent] C:\\Program Files (x86)\\Hewlett-Packard\\Media\\DVD\\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [HP Health Check Scheduler] c:\\Program Files (x86)\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\\Run: [mobilegeni daemon] \"C:\\Program Files (x86)\\Mobogenie\\DaemonProcess.exe\" File not found

O4 - HKLM..\\Run: [TSMAgent] C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Media\\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UCam_Menu] C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdateLBPShortCut] C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdateP2GoShortCut] C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdatePDIRShortCut] C:\\Program Files (x86)\\CyberLink\\PowerDirector\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\\Run: [UpdatePSTShortCut] C:\\Program Files (x86)\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\\S-1-5-19..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-19..\\Run: [WindowsWelcomeCenter] C:\\Windows\\SysWow64\\oobefldr.dll (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\Run: [WindowsWelcomeCenter] C:\\Windows\\SysWow64\\oobefldr.dll (Microsoft Corporation)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [AVG-Secure-Search-Update_1213b] C:\\Users\\norad\\AppData\\Roaming\\AVG 1213b Campaign\\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8fab85a0119147d38b19d16d38c0aeb6-f4a11d3e10dbebc28f3e5788a17788f15546486a /CMPID=1213b File not found

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [HP Photosmart 6510 series (NET)] C:\\Program Files\\HP\\HP Photosmart 6510 series\\Bin\\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [NextLive] C:\\Users\\norad\\AppData\\Roaming\\newnext.me\\nengine.dll (NewNextDotMe)

O4 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000..\\Run: [WMPNSCFG] C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9:64bit: - Extra \'Tools\' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra \'Tools\' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\\Program Files (x86)\\Hewlett-Packard\\SmartPrint\\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\\Program Files (x86)\\Hp\\Smart Web Printing\\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O9 - Extra \'Tools\' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\\.DEFAULT\\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\\S-1-5-18\\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\\S-1-5-21-4000507275-1486089171-1974680742-1000\\..Trusted Ranges: Range1 ([http] in Local intranet)


O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://unkmail2.unk.edu/dwa8W.cab (Domino Web Access 8 Control)



O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{848D19DE-381B-4946-AF29-2D20A8A1E0E7}: DhcpNameServer = 66.168.128.20 24.205.224.36 68.190.192.35

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: DhcpNameServer = 74.40.74.40 74.40.74.41 192.168.254.254

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found

O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll) - C:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll (Conduit)

O20:64bit: - AppInit_DLLs: (C:\\PROGRA~2\\OPTIMI~1\\OPTPRO~2.DLL) -  File not found

O20 - AppInit_DLLs: (c:\\progra~2\\searchprotect\\searchprotect\\bin\\spvc32loader.dll) - c:\\Program Files (x86)\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll (Conduit)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows Photo Gallery\\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{2e6a7335-2dc0-11de-be65-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{2e6a7335-2dc0-11de-be65-00247e244745}\\Shell\\AutoRun\\command - \"\" = F:\\LaunchU3.exe -a

O33 - MountPoints2\\{30da73e7-f32e-11df-b660-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{30da73e7-f32e-11df-b660-00247e244745}\\Shell\\AutoRun\\command - \"\" = G:\\LaunchU3.exe -a

O33 - MountPoints2\\{d4c18fac-d416-11df-91d0-00247e244745}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{d4c18fac-d416-11df-91d0-00247e244745}\\Shell\\AutoRun\\command - \"\" = \"G:\\WD SmartWare.exe\" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/04 15:46:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\norad\\Desktop\\OTL.exe

[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Trend Micro

[2013/12/29 19:47:58 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2013/12/29 15:33:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\.android

[2013/12/29 15:33:26 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\cache

[2013/12/29 15:33:23 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\newnext.me

[2013/12/29 15:33:22 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\genienext

[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\Documents\\Mobogenie

[2013/12/29 15:33:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Mobogenie

[2013/12/29 15:32:54 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\GreatArcadeHits

[2013/12/29 15:32:35 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\AVG2014

[2013/12/29 15:32:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\PassShow

[2013/12/29 15:31:15 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Connect_DLC_5

[2013/12/29 15:30:46 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\AVG

[2013/12/29 15:30:43 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\TuneUp Software

[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\ToniArts

[2013/12/29 15:28:08 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\EasyCleaner

[2013/12/29 15:27:15 | 000,000,000 | -H-D | C] -- C:\\$AVG

[2013/12/29 15:27:15 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AVG2014

[2013/12/29 15:25:03 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\AVG

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\MFAData

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\ProgramData\\MFAData

[2013/12/29 15:22:20 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Avg2014

[2013/12/29 15:16:18 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2013/12/29 15:16:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2013/12/29 15:16:18 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2013/12/29 15:13:51 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Licenses

[2013/12/29 15:13:43 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SpywareBlaster

[2013/12/29 15:13:39 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SpywareBlaster

[2013/12/29 15:13:27 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SearchProtect

[2013/12/29 15:12:11 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\sweetpacks bundle uninstaller

[2013/12/29 15:03:33 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\AskPartnerNetwork

[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AskPartnerNetwork

[2013/12/29 15:02:52 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\AskPartnerNetwork

[2013/12/29 15:00:54 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Oracle

[2013/12/29 14:59:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2013/12/29 14:59:27 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2013/12/29 03:07:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\mshtmled.dll

[2013/12/29 03:07:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\mshtmled.dll

[2013/12/29 03:07:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieui.dll

[2013/12/29 03:07:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieui.dll

[2013/12/29 03:07:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieUnatt.exe

[2013/12/29 03:07:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieUnatt.exe

[2013/12/29 03:07:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\url.dll

[2013/12/29 03:07:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\url.dll

[2013/12/29 03:07:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\inetcpl.cpl

[2013/12/29 03:07:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\inetcpl.cpl

[2013/12/29 03:07:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeeds.dll

[2013/12/29 03:07:30 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript9.dll

[2013/12/29 03:07:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript.dll

[2013/12/29 03:07:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\jscript.dll

[2013/12/29 03:07:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\vbscript.dll

[2013/12/28 21:04:19 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Activeris

[2013/12/28 21:00:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\QuickScan

[2013/12/28 12:57:48 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Mozilla Firefox

[2013/12/28 12:29:59 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\Optimizer Pro

[2013/12/28 12:26:43 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Plus-HD-1.2

[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Swirlz

[2013/12/28 12:26:02 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Conduit

[2013/12/28 12:25:29 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\NativeMessaging

[2013/12/28 12:25:25 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\Conduit

[2013/12/28 12:25:23 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\CRE

[2013/12/28 12:25:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Conduit

[2013/12/28 12:25:07 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Roaming\\SearchProtect

[2013/12/28 12:24:40 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\\Users\\norad\\Desktop\\FLVMPlayer.exe

[2013/12/28 12:24:21 | 000,000,000 | ---D | C] -- C:\\Program Files\\Highlightly

[2013/12/28 12:24:20 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Highlightly

[2013/12/28 12:06:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\Uninstaller

[2013/12/28 12:01:37 | 000,000,000 | ---D | C] -- C:\\Program Files\\Level Quality Watcher

[2013/12/28 11:57:43 | 000,000,000 | ---D | C] -- C:\\c335b1860269ab3a89494966

[2013/12/28 11:56:39 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\SwvUpdater

[2013/12/28 11:53:45 | 000,000,000 | ---D | C] -- C:\\Users\\norad\\AppData\\Local\\SearchProtect

[2013/12/28 11:52:07 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\scrrun.dll

[2013/12/28 11:52:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\cscript.exe

[2013/12/28 11:52:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wshom.ocx

[2013/12/28 11:52:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wshom.ocx

[2013/12/28 11:52:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\scrrun.dll

[2013/12/28 11:52:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\cscript.exe

[2013/12/28 11:52:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wshcon.dll

[2013/12/28 11:51:45 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\imagehlp.dll

[2013/12/28 11:50:53 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\SysFxUI.dll

[2013/12/28 11:50:53 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\portcls.sys

[2013/12/28 11:50:53 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\drmk.sys

[5 C:\\Users\\norad\\Documents\\*.tmp files -> C:\\Users\\norad\\Documents\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/04 15:54:34 | 000,000,856 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-4000507275-1486089171-1974680742-1000Core.job

[2014/01/04 15:46:18 | 000,003,216 | -H-- | M] () -- C:\\Windows\\SysNative\\7

Offline guestolo

many problems
« Reply #4 on: January 05, 2014, 01:41:33 PM »
-AdwCleaner-

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner
-Junkware-Removal-Tool-
  • Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Reopen OTL.exe and choose to Run a Scan. When done, post the log that opens: OTL.txt
« Last Edit: January 05, 2014, 01:46:24 PM by guestolo »



Offline guestolo

many problems
« Reply #5 on: January 18, 2014, 08:27:46 PM »

I'll lock this topic as the topic starter has no access to this computer any longer

