
Solved: Need help with pop-up removal and desktop

Discussion in 'Malware and Virus Removal Archive' started by yoruga, 2014/04/06.

  1. 2014/04/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2014/04/08
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    # AdwCleaner v3.023 - Report created 09/04/2014 at 14:13:17
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Taliah - RAWR
    # Running from : C:\Users\Taliah\Downloads\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\bProtector_extensions.rdf
    File Found : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\searchplugins\bProtect.xml
    File Found : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\user.js
    Folder Found C:\Program Files\DomaIQ Uninstaller
    Folder Found C:\Program Files\Movies Toolbar
    Folder Found C:\Program Files\Search Results Toolbar
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\Babylon
    Folder Found C:\ProgramData\BitGuard
    Folder Found C:\ProgramData\Browser Manager
    Folder Found C:\ProgramData\BrowserProtect
    Folder Found C:\ProgramData\Tarma Installer
    Folder Found C:\ProgramData\wincert
    Folder Found C:\Users\Taliah\AppData\Local\AVG Security Toolbar
    Folder Found C:\Users\Taliah\AppData\Local\torch
    Folder Found C:\Users\Taliah\AppData\LocalLow\AVG Security Toolbar
    Folder Found C:\Users\Taliah\AppData\LocalLow\searchresultstb
    Folder Found C:\Users\Taliah\AppData\Roaming\Babylon
    Folder Found C:\Users\Taliah\AppData\Roaming\eType
    Folder Found C:\Users\Taliah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType Manager
    Folder Found C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\Conduit

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\53edc8ab76dec12
    Key Found : HKCU\Software\APN DTX
    Key Found : HKCU\Software\AppDataLow\Software\DynConIE
    Key Found : HKCU\Software\DSNR Labs
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\installedbrowserextensions
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\torch
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\53edc8ab76dec12
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\speedupmypc
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
    Key Found : HKLM\Software\iLividSRTB
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Found : HKLM\Software\torch
    Key Found : HKLM\Software\Uniblue
    Key Found : HKLM\Software\Uniblue\DriverScanner
     


  4. 2014/04/08
    yoruga

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.findwide.com/?guid={ECC66A08-048C-42DA-A564-2ED5D9A9F071}&serpv=22

    -\\ Mozilla Firefox v

    [ File : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\prefs.js ]

    Line Found : user_pref( "CT2405725.AboutPrivacyUrl ", "hxxp://www.conduit.com/privacy/Default.aspx ");
    Line Found : user_pref( "CT2405725.CTID ", "CT2405725 ");
    Line Found : user_pref( "CT2405725.CurrentServerDate ", "18-2-2011 ");
    Line Found : user_pref( "CT2405725.DialogsAlignMode ", "LTR ");
    Line Found : user_pref( "CT2405725.DownloadReferralCookieData ", "{\ "BannerName\ ":\ "\ ",\ "BannerTypeId\ ":\ "\ ",\ "BannerCulture\ ":\ "\ ",\ "DownloadTime\ ":\ "5/24/2010 10:52:16 AM\ ",\ "SourceId\ ":0,\ "ReferralUrl\ ":\ "hxxp://[...]
    Line Found : user_pref( "CT2405725.EMailNotifierPollDate ", "Fri Feb 18 2011 22:23:29 GMT+1000 ");
    Line Found : user_pref( "CT2405725.ExternalComponentPollDate129037795737775550 ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Found : user_pref( "CT2405725.ExternalComponentPollDate129234906609291505 ", "Fri Feb 18 2011 22:23:29 GMT+1000 ");
    Line Found : user_pref( "CT2405725.FirstServerDate ", "18-2-2011 ");
    Line Found : user_pref( "CT2405725.FirstTime ", true);
    Line Found : user_pref( "CT2405725.FirstTimeFF3 ", true);
    Line Found : user_pref( "CT2405725.FirstTimeSettingsDone ", true);
    Line Found : user_pref( "CT2405725.FixPageNotFoundErrors ", true);
    Line Found : user_pref( "CT2405725.GroupingServerCheckInterval ", 1440);
    Line Found : user_pref( "CT2405725.GroupingServiceUrl ", "hxxp://grouping.services.conduit.com/ ");
    Line Found : user_pref( "CT2405725.Initialize ", true);
    Line Found : user_pref( "CT2405725.InitializeCommonPrefs ", true);
    Line Found : user_pref( "CT2405725.InstallationAndCookieDataSentCount ", 3);
    Line Found : user_pref( "CT2405725.InstalledDate ", "Mon May 24 2010 18:01:30 GMT+1000 ");
    Line Found : user_pref( "CT2405725.InvalidateCache ", false);
    Line Found : user_pref( "CT2405725.IsGrouping ", false);
    Line Found : user_pref( "CT2405725.IsMulticommunity ", false);
    Line Found : user_pref( "CT2405725.IsOpenThankYouPage ", true);
    Line Found : user_pref( "CT2405725.IsOpenUninstallPage ", true);
    Line Found : user_pref( "CT2405725.LanguagePackLastCheckTime ", "Fri Feb 18 2011 22:23:30 GMT+1000 ");
    Line Found : user_pref( "CT2405725.LanguagePackReloadIntervalMM ", 1440);
    Line Found : user_pref( "CT2405725.LanguagePackServiceUrl ", "hxxp://translation.users.conduit.com/Translation.ashx ");
    Line Found : user_pref( "CT2405725.LastLogin_2.6.0.15 ", "Fri Feb 18 2011 22:23:36 GMT+1000 ");
    Line Found : user_pref( "CT2405725.LatestVersion ", "3.2.5.2 ");
    Line Found : user_pref( "CT2405725.Locale ", "en ");
    Line Found : user_pref( "CT2405725.LoginCache ", 4);
    Line Found : user_pref( "CT2405725.MCDetectTooltipHeight ", "83 ");
    Line Found : user_pref( "CT2405725.MCDetectTooltipShow ", false);
    Line Found : user_pref( "CT2405725.MCDetectTooltipUrl ", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 ");
    Line Found : user_pref( "CT2405725.MCDetectTooltipWidth ", "295 ");
    Line Found : user_pref( "CT2405725.RadioIsPodcast ", false);
    Line Found : user_pref( "CT2405725.RadioLastCheckTime ", "Fri Feb 18 2011 22:23:28 GMT+1000 ");
    Line Found : user_pref( "CT2405725.RadioLastUpdateIPServer ", "3 ");
    Line Found : user_pref( "CT2405725.RadioLastUpdateServer ", "129015434478330000 ");
    Line Found : user_pref( "CT2405725.RadioMediaID ", "12853965 ");
    Line Found : user_pref( "CT2405725.RadioMediaType ", "Real Player ");
    Line Found : user_pref( "CT2405725.RadioMenuSelectedID ", "EBRadioMenu_CT240572512853965 ");
    Line Found : user_pref( "CT2405725.RadioShrinked ", "shrinked ");
    Line Found : user_pref( "CT2405725.RadioStationName ", "National%20-%20Radio%20Australia%20(Other) ");
    Line Found : user_pref( "CT2405725.RadioStationURL ", "hxxp://media4.abc.net.au/raflp ");
    Line Found : user_pref( "CT2405725.SHRINK_TOOLBAR ", 1);
    Line Found : user_pref( "CT2405725.SavedHomepage ", "hxxp://www.shinysearch.com/myhome.php?style=dark-angel&ltext=Texta%20XD ");
    Line Found : user_pref( "CT2405725.SearchEngine ", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405725&octid=EB_ORIGINAL_CTID&SearchSource=1 ");
    Line Found : user_pref( "CT2405725.SearchFromAddressBarIsInit ", true);
    Line Found : user_pref( "CT2405725.SearchInNewTabEnabled ", true);
    Line Found : user_pref( "CT2405725.SearchInNewTabIntervalMM ", 1440);
    Line Found : user_pref( "CT2405725.SearchInNewTabLastCheckTime ", "Fri Feb 18 2011 22:23:36 GMT+1000 ");
    Line Found : user_pref( "CT2405725.SearchInNewTabServiceUrl ", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID ");
    Line Found : user_pref( "CT2405725.SearchInNewTabUsageUrl ", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID ");
    Line Found : user_pref( "CT2405725.SettingsCheckIntervalMin ", 120);
    Line Found : user_pref( "CT2405725.SettingsLastCheckTime ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Found : user_pref( "CT2405725.SettingsLastUpdate ", "1297858348 ");
    Line Found : user_pref( "CT2405725.ThirdPartyComponentsInterval ", 504);
    Line Found : user_pref( "CT2405725.ThirdPartyComponentsLastCheck ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Found : user_pref( "CT2405725.ThirdPartyComponentsLastUpdate ", "1274683465 ");
    Line Found : user_pref( "CT2405725.TrusteLinkUrl ", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID ");
    Line Found : user_pref( "CT2405725.Uninstall ", true);
    Line Found : user_pref( "CT2405725.UserID ", "UN81458299146676234 ");
    Line Found : user_pref( "CT2405725.ValidationData_Search ", 0);
    Line Found : user_pref( "CT2405725.ValidationData_Toolbar ", 2);
    Line Found : user_pref( "CT2405725.WeatherNetwork ", " ");
    Line Found : user_pref( "CT2405725.WeatherPollDate ", "Fri Feb 18 2011 22:23:28 GMT+1000 ");
    Line Found : user_pref( "CT2405725.WeatherUnit ", "C ");
    Line Found : user_pref( "CT2405725.alertChannelId ", "800208 ");
    Line Found : user_pref( "CT2405725.clientLogIsEnabled ", true);
    Line Found : user_pref( "CT2405725.clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent ");
    Line Found : user_pref( "CT2405725.myStuffEnabled ", true);
    Line Found : user_pref( "CT2405725.myStuffPublihserMinWidth ", 400);
    Line Found : user_pref( "CT2405725.myStuffSearchUrl ", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID ");
    Line Found : user_pref( "CT2405725.myStuffServiceIntervalMM ", 1440);
    Line Found : user_pref( "CT2405725.myStuffServiceUrl ", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT ");
    Line Found : user_pref( "CT2405725.uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation ");
    Line Found : user_pref( "CommunityToolbar.SearchFromAddressBarSavedUrl ", "hxxp://www.searchcanvas.com/web?ot=8&q= ");
    Line Found : user_pref( "CommunityToolbar.ToolbarsList ", "CT2405725 ");
    Line Found : user_pref( "CommunityToolbar.ToolbarsList2 ", "CT2405725 ");
    Line Found : user_pref( "CommunityToolbar.alert.alertInfoInterval ", 60);
    Line Found : user_pref( "CommunityToolbar.alert.alertInfoLastCheckTime ", "Wed Jun 23 2010 07:56:19 GMT+1000 ");
    Line Found : user_pref( "CommunityToolbar.alert.clientsServerUrl ", "hxxp://alert.client.conduit.com ");
    Line Found : user_pref( "CommunityToolbar.alert.locale ", "en ");
    Line Found : user_pref( "CommunityToolbar.alert.loginIntervalMin ", 1440);
    Line Found : user_pref( "CommunityToolbar.alert.loginLastCheckTime ", "Wed Jun 23 2010 07:56:17 GMT+1000 ");
    Line Found : user_pref( "CommunityToolbar.alert.loginLastUpdateTime ", "1234796400 ");
    Line Found : user_pref( "CommunityToolbar.alert.messageShowTimeSec ", 20);
    Line Found : user_pref( "CommunityToolbar.alert.servicesServerUrl ", "hxxp://alert.services.conduit.com ");
     
    Last edited: 2014/04/08
  5. 2014/04/08
    yoruga

    Line Found : user_pref( "CommunityToolbar.alert.showTrayIcon ", false);
    Line Found : user_pref( "CommunityToolbar.alert.userCloseIntervalMin ", 300);
    Line Found : user_pref( "CommunityToolbar.alert.userId ", "{825f6593-be1c-4762-9d2c-a5d46f75fffc} ");
    Line Found : user_pref( "CommunityToolbar.keywordURLSelectedCTID ", "CT2405725 ");
    Line Found : user_pref( "browser.search.defaultthis.engineName ", "Radio Bar 1 Customized Web Search ");
    Line Found : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
    Line Found : user_pref( "browser.startup.homepage ", "hxxp://isearch.avg.com/?cid={64830D2C-0A0D-44DC-8ED2-2DB23CA7F9B7}&mid=d26fa9c087f9604c2b362f6a72b1836b-9a24c40f7f54d25237ecad17d1ae303f9372c825&lang=en&ds=AVG&p[...]
    Line Found : user_pref( "extensions.enabledItems ", "{3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.2191,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000[...]

    -\\ Google Chrome v

    [ File : C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [15503 octets] - [09/04/2014 14:13:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15564 octets] ##########
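The AdwCleaner reports posted in this thread follow a regular line format (header fields, section markers, browser markers, then one item per line). As an added example, not code from the thread, from AdwCleaner's author or from the forum, here is a small Python parser that turns such a report into a triage summary: how many items were found or removed, whether they sit in machine-wide or per-user locations (the former means the adware installer ran with admin rights), how many removals still wait for a reboot, and which browser start page and search settings were changed. The sample report embedded below is constructed from the logs above; its user name, GUIDs and URL are placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# AdwCleaner v3 report lines (as in the logs posted above): "# key : value" headers,
# "***** [ Section ] *****", "-\\ Browser vX" markers, then items such as "File Found : <path>",
# "Folder Found <path>", "[#] Folder Deleted : <path>" ("[#]" = AdwCleaner's marker for removal
# at next reboot), "Setting Found : <key> [Start Page] - <url>", "Line Found : user_pref(...);".
HEADER_RE = re.compile(r'^#\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.+)$')
SECTION_RE = re.compile(r'^\*{5}\s*\[\s*(?P<name>.+?)\s*\]\s*\*{5}$')
BROWSER_RE = re.compile(r'^-\\\\\s*(?P<name>.+?)\s*$')
ITEM_RE = re.compile(r'^(?P<reboot>\[#\]\s*)?(?P<kind>File|Folder|Key|Value|Setting|Line)\s+'
                     r'(?P<action>Found|Deleted|Restored)\s*:?\s*(?P<target>.+)$')
SETTING_RE = re.compile(r'^.+?\s*\[(?P<name>[^\]]+)\]\s*(?:-\s*(?P<value>.*))?$')
# Tolerates the stray spaces inside the quotes that the forum added to the posted log.
PREF_RE = re.compile(r'user_pref\(\s*"(?P<name>[^"]*?)\s*"\s*,\s*(?P<value>.*?)\s*(?:\)\s*;?)?\s*$')
# Firefox prefs whose replacement is the classic homepage / search hijack.
WATCHED_PREFS = {'browser.startup.homepage', 'browser.search.selectedEngine',
                 'browser.search.defaultenginename', 'keyword.URL'}

@dataclass
class Item:
    section: str
    kind: str             # File, Folder, Key, Value, Setting, Line
    action: str           # Found (scan) or Deleted / Restored (clean)
    target: str
    reboot: bool = False  # "[#]" prefix: removed at next reboot
    browser: Optional[str] = None  # set for items under [ Browsers ]

def parse_adwcleaner(text: str):
    """Parse one AdwCleaner report (scan or clean mode) into (header dict, list of Item)."""
    header, items, section, browser = {}, [], '?', None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('# '):  # single-hash headers; EOF footer and separators match nothing
            if (m := re.match(r'# AdwCleaner v(\S+)', line)):  # title line: its time holds ':'
                header['Version'] = m.group(1)
            elif (m := HEADER_RE.match(line)):
                header[m.group('key')] = m.group('value')
        elif (m := SECTION_RE.match(line)):
            section, browser = m.group('name'), None
        elif (m := BROWSER_RE.match(line)):
            browser = re.sub(r'\s+v\S*$', '', m.group('name'))  # drop the version suffix
        elif (m := ITEM_RE.match(line)):
            items.append(Item(section, m.group('kind'), m.group('action'),
                              m.group('target').strip(), bool(m.group('reboot')), browser))
    return header, items

def scope_of(item: Item) -> str:
    """'machine' (HKLM, Program Files, ProgramData) means the installer had admin rights."""
    t = item.target.lower()
    if item.kind == 'Line' or t.startswith(('hkcu', 'c:\\users\\')):
        return 'user'
    if t.startswith(('hklm', 'c:\\program files', 'c:\\programdata')):
        return 'machine'
    return 'other'

def browser_changes(items):
    """(browser, setting, value) for the IE start page and the watched Firefox prefs."""
    out = []
    for it in items:
        if it.kind == 'Setting' and (m := SETTING_RE.match(it.target)):
            out.append((it.browser, m.group('name'), (m.group('value') or '').strip()))
        elif it.kind == 'Line' and (m := PREF_RE.search(it.target)):
            name = m.group('name').strip()
            if name in WATCHED_PREFS:
                out.append((it.browser, name, m.group('value').strip().strip('"').strip()))
    return out

def summarize(text: str) -> dict:
    """Triage view: what was found/removed, at which scope, and what still waits for a reboot."""
    header, items = parse_adwcleaner(text)
    return {'version': header.get('Version'), 'mode': header.get('Option'),
            'counts': dict(Counter((it.kind, it.action) for it in items)),
            'scope': dict(Counter(scope_of(it) for it in items)),
            'reboot_pending': sum(it.reboot for it in items),
            'browser_changes': browser_changes(items)}

# Constructed excerpt modelled on the scan log above; user name, GUIDs and URL are placeholders.
SAMPLE_SCAN = r"""
# AdwCleaner v3.023 - Report created 09/04/2014 at 14:13:17
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found C:\Users\example\AppData\Roaming\Babylon
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{PLACEHOLDER-GUID-1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{PLACEHOLDER-GUID-2}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.example.invalid/?guid=1
-\\ Mozilla Firefox v
Line Found : user_pref( "CT2405725.CTID ", "CT2405725 ");
Line Found : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15564 octets] ##########
"""
```

Run `summarize(open('AdwCleaner[R0].txt').read())` on a real report to get the same summary; defanged `hxxp` URLs are kept as-is.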
     
  6. 2014/04/08
    yoruga

    Whoops, my mistake, forgot to clean before posting the log....
     
  7. 2014/04/08
    yoruga

    # AdwCleaner v3.023 - Report created 09/04/2014 at 14:32:22
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Taliah - RAWR
    # Running from : C:\Users\Taliah\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    [#] Folder Deleted : C:\ProgramData\BitGuard
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    [#] Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\Program Files\Movies Toolbar
    Folder Deleted : C:\Program Files\Search Results Toolbar
    Folder Deleted : C:\Users\Taliah\AppData\Local\AVG Security Toolbar
    Folder Deleted : C:\Users\Taliah\AppData\Local\torch
    Folder Deleted : C:\Users\Taliah\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Taliah\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\Taliah\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Taliah\AppData\Roaming\eType
    Folder Deleted : C:\Users\Taliah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType Manager
    Folder Deleted : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\Conduit
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\bProtector_extensions.rdf
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\searchplugins\bProtect.xml
    File Deleted : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
    Key Deleted : HKCU\Software\53edc8ab76dec12
    Key Deleted : HKLM\SOFTWARE\53edc8ab76dec12
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\DSNR Labs
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\Software\torch
     
  8. 2014/04/08
    yoruga

    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v

    [ File : C:\Users\Taliah\AppData\Roaming\Mozilla\Firefox\Profiles\nex98oqn.default\prefs.js ]

    Line Deleted : user_pref( "CT2405725.AboutPrivacyUrl ", "hxxp://www.conduit.com/privacy/Default.aspx ");
    Line Deleted : user_pref( "CT2405725.CTID ", "CT2405725 ");
    Line Deleted : user_pref( "CT2405725.CurrentServerDate ", "18-2-2011 ");
    Line Deleted : user_pref( "CT2405725.DialogsAlignMode ", "LTR ");
    Line Deleted : user_pref( "CT2405725.DownloadReferralCookieData ", "{\ "BannerName\ ":\ "\ ",\ "BannerTypeId\ ":\ "\ ",\ "BannerCulture\ ":\ "\ ",\ "DownloadTime\ ":\ "5/24/2010 10:52:16 AM\ ",\ "SourceId\ ":0,\ "ReferralUrl\ ":\ "hxxp://[...]
    Line Deleted : user_pref( "CT2405725.EMailNotifierPollDate ", "Fri Feb 18 2011 22:23:29 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.ExternalComponentPollDate129037795737775550 ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.ExternalComponentPollDate129234906609291505 ", "Fri Feb 18 2011 22:23:29 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.FirstServerDate ", "18-2-2011 ");
    Line Deleted : user_pref( "CT2405725.FirstTime ", true);
    Line Deleted : user_pref( "CT2405725.FirstTimeFF3 ", true);
    Line Deleted : user_pref( "CT2405725.FirstTimeSettingsDone ", true);
    Line Deleted : user_pref( "CT2405725.FixPageNotFoundErrors ", true);
    Line Deleted : user_pref( "CT2405725.GroupingServerCheckInterval ", 1440);
    Line Deleted : user_pref( "CT2405725.GroupingServiceUrl ", "hxxp://grouping.services.conduit.com/ ");
    Line Deleted : user_pref( "CT2405725.Initialize ", true);
    Line Deleted : user_pref( "CT2405725.InitializeCommonPrefs ", true);
    Line Deleted : user_pref( "CT2405725.InstallationAndCookieDataSentCount ", 3);
    Line Deleted : user_pref( "CT2405725.InstalledDate ", "Mon May 24 2010 18:01:30 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.InvalidateCache ", false);
    Line Deleted : user_pref( "CT2405725.IsGrouping ", false);
    Line Deleted : user_pref( "CT2405725.IsMulticommunity ", false);
    Line Deleted : user_pref( "CT2405725.IsOpenThankYouPage ", true);
    Line Deleted : user_pref( "CT2405725.IsOpenUninstallPage ", true);
    Line Deleted : user_pref( "CT2405725.LanguagePackLastCheckTime ", "Fri Feb 18 2011 22:23:30 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.LanguagePackReloadIntervalMM ", 1440);
    Line Deleted : user_pref( "CT2405725.LanguagePackServiceUrl ", "hxxp://translation.users.conduit.com/Translation.ashx ");
    Line Deleted : user_pref( "CT2405725.LastLogin_2.6.0.15 ", "Fri Feb 18 2011 22:23:36 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.LatestVersion ", "3.2.5.2 ");
    Line Deleted : user_pref( "CT2405725.Locale ", "en ");
    Line Deleted : user_pref( "CT2405725.LoginCache ", 4);
    Line Deleted : user_pref( "CT2405725.MCDetectTooltipHeight ", "83 ");
    Line Deleted : user_pref( "CT2405725.MCDetectTooltipShow ", false);
    Line Deleted : user_pref( "CT2405725.MCDetectTooltipUrl ", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 ");
    Line Deleted : user_pref( "CT2405725.MCDetectTooltipWidth ", "295 ");
    Line Deleted : user_pref( "CT2405725.RadioIsPodcast ", false);
    Line Deleted : user_pref( "CT2405725.RadioLastCheckTime ", "Fri Feb 18 2011 22:23:28 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.RadioLastUpdateIPServer ", "3 ");
    Line Deleted : user_pref( "CT2405725.RadioLastUpdateServer ", "129015434478330000 ");
    Line Deleted : user_pref( "CT2405725.RadioMediaID ", "12853965 ");
    Line Deleted : user_pref( "CT2405725.RadioMediaType ", "Real Player ");
    Line Deleted : user_pref( "CT2405725.RadioMenuSelectedID ", "EBRadioMenu_CT240572512853965 ");
    Line Deleted : user_pref( "CT2405725.RadioShrinked ", "shrinked ");
    Line Deleted : user_pref( "CT2405725.RadioStationName ", "National%20-%20Radio%20Australia%20(Other) ");
    Line Deleted : user_pref( "CT2405725.RadioStationURL ", "hxxp://media4.abc.net.au/raflp ");
    Line Deleted : user_pref( "CT2405725.SHRINK_TOOLBAR ", 1);
    Line Deleted : user_pref( "CT2405725.SavedHomepage ", "hxxp://www.shinysearch.com/myhome.php?style=dark-angel&ltext=Texta%20XD ");
     
  9. 2014/04/08
    yoruga

    Line Deleted : user_pref( "CT2405725.SearchEngine ", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405725&octid=EB_ORIGINAL_CTID&SearchSource=1 ");
    Line Deleted : user_pref( "CT2405725.SearchFromAddressBarIsInit ", true);
    Line Deleted : user_pref( "CT2405725.SearchInNewTabEnabled ", true);
    Line Deleted : user_pref( "CT2405725.SearchInNewTabIntervalMM ", 1440);
    Line Deleted : user_pref( "CT2405725.SearchInNewTabLastCheckTime ", "Fri Feb 18 2011 22:23:36 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.SearchInNewTabServiceUrl ", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID ");
    Line Deleted : user_pref( "CT2405725.SearchInNewTabUsageUrl ", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID ");
    Line Deleted : user_pref( "CT2405725.SettingsCheckIntervalMin ", 120);
    Line Deleted : user_pref( "CT2405725.SettingsLastCheckTime ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.SettingsLastUpdate ", "1297858348 ");
    Line Deleted : user_pref( "CT2405725.ThirdPartyComponentsInterval ", 504);
    Line Deleted : user_pref( "CT2405725.ThirdPartyComponentsLastCheck ", "Fri Feb 18 2011 22:23:27 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.ThirdPartyComponentsLastUpdate ", "1274683465 ");
    Line Deleted : user_pref( "CT2405725.TrusteLinkUrl ", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID ");
    Line Deleted : user_pref( "CT2405725.Uninstall ", true);
    Line Deleted : user_pref( "CT2405725.UserID ", "UN81458299146676234 ");
    Line Deleted : user_pref( "CT2405725.ValidationData_Search ", 0);
    Line Deleted : user_pref( "CT2405725.ValidationData_Toolbar ", 2);
    Line Deleted : user_pref( "CT2405725.WeatherNetwork ", " ");
    Line Deleted : user_pref( "CT2405725.WeatherPollDate ", "Fri Feb 18 2011 22:23:28 GMT+1000 ");
    Line Deleted : user_pref( "CT2405725.WeatherUnit ", "C ");
    Line Deleted : user_pref( "CT2405725.alertChannelId ", "800208 ");
    Line Deleted : user_pref( "CT2405725.clientLogIsEnabled ", true);
    Line Deleted : user_pref( "CT2405725.clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent ");
    Line Deleted : user_pref( "CT2405725.myStuffEnabled ", true);
    Line Deleted : user_pref( "CT2405725.myStuffPublihserMinWidth ", 400);
    Line Deleted : user_pref( "CT2405725.myStuffSearchUrl ", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID ");
    Line Deleted : user_pref( "CT2405725.myStuffServiceIntervalMM ", 1440);
    Line Deleted : user_pref( "CT2405725.myStuffServiceUrl ", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT ");
    Line Deleted : user_pref( "CT2405725.uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation ");
    Line Deleted : user_pref( "CommunityToolbar.SearchFromAddressBarSavedUrl ", "hxxp://www.searchcanvas.com/web?ot=8&q= ");
    Line Deleted : user_pref( "CommunityToolbar.ToolbarsList ", "CT2405725 ");
    Line Deleted : user_pref( "CommunityToolbar.ToolbarsList2 ", "CT2405725 ");
    Line Deleted : user_pref( "CommunityToolbar.alert.alertInfoInterval ", 60);
    Line Deleted : user_pref( "CommunityToolbar.alert.alertInfoLastCheckTime ", "Wed Jun 23 2010 07:56:19 GMT+1000 ");
    Line Deleted : user_pref( "CommunityToolbar.alert.clientsServerUrl ", "hxxp://alert.client.conduit.com ");
    Line Deleted : user_pref( "CommunityToolbar.alert.locale ", "en ");
    Line Deleted : user_pref( "CommunityToolbar.alert.loginIntervalMin ", 1440);
    Line Deleted : user_pref( "CommunityToolbar.alert.loginLastCheckTime ", "Wed Jun 23 2010 07:56:17 GMT+1000 ");
    Line Deleted : user_pref( "CommunityToolbar.alert.loginLastUpdateTime ", "1234796400 ");
    Line Deleted : user_pref( "CommunityToolbar.alert.messageShowTimeSec ", 20);
    Line Deleted : user_pref( "CommunityToolbar.alert.servicesServerUrl ", "hxxp://alert.services.conduit.com ");
    Line Deleted : user_pref( "CommunityToolbar.alert.showTrayIcon ", false);
    Line Deleted : user_pref( "CommunityToolbar.alert.userCloseIntervalMin ", 300);
    Line Deleted : user_pref( "CommunityToolbar.alert.userId ", "{825f6593-be1c-4762-9d2c-a5d46f75fffc} ");
    Line Deleted : user_pref( "CommunityToolbar.keywordURLSelectedCTID ", "CT2405725 ");
    Line Deleted : user_pref( "browser.search.defaultthis.engineName ", "Radio Bar 1 Customized Web Search ");
    Line Deleted : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
    Line Deleted : user_pref( "browser.startup.homepage ", "hxxp://isearch.avg.com/?cid={64830D2C-0A0D-44DC-8ED2-2DB23CA7F9B7}&mid=d26fa9c087f9604c2b362f6a72b1836b-9a24c40f7f54d25237ecad17d1ae303f9372c825&lang=en&ds=AVG&p[...]
    Line Deleted : user_pref( "extensions.enabledItems ", "{3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.2191,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{CAFEEFAC-0016-0000[...]

    -\\ Google Chrome v

    [ File : C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [15645 octets] - [09/04/2014 14:13:17]
    AdwCleaner[S0].txt - [15848 octets] - [09/04/2014 14:32:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15909 octets] ##########
     
  10. 2014/04/09
    yoruga Well-Known Member Thread Starter
    Okay, here is the JRT.
     
  11. 2014/04/09
    yoruga Well-Known Member Thread Starter
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Taliah on Wed 09/04/2014 at 14:53:56.04
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\etype
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93ADC3AB-20DC-406E-9709-DB94B6E8F99C}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{93ADC3AB-20DC-406E-9709-DB94B6E8F99C}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Taliah\appdata\locallow\datamngr "
    Successfully deleted: [Folder] "C:\Users\Taliah\appdata\locallow\file2linktemplate "



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\prefs.js

    user_pref( "blingee.guard.defaultengine_keyword_url ", "hxxp://www.searchcanvas.com/web?ot=8&q= ");
    user_pref( "blingee.guard.defaultengine_name ", "SearchCanvas ");
    Emptied folder: C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\minidumps [8 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 09/04/2014 at 15:01:15.47
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. 2014/04/09
    yoruga Well-Known Member Thread Starter
    OTL logfile created on: 9/04/2014 3:13:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taliah\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.77% Memory free
    3.87 Gb Paging File | 2.74 Gb Available in Paging File | 70.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.45 Gb Total Space | 153.15 Gb Free Space | 69.16% Space Free | Partition Type: NTFS
    Drive D: | 11.24 Gb Total Space | 1.89 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: RAWR | User Name: Taliah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/09 15:12:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Taliah\Downloads\OTL.exe
    PRC - [2014/04/07 12:17:24 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/04/07 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    PRC - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2013/10/01 22:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/08/02 10:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/01/29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/01/29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/22 11:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    PRC - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/04/07 12:17:26 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/02/15 13:36:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
    MOD - [2014/02/15 13:30:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
    MOD - [2014/02/15 13:29:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/15 13:29:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e7f89023dcc954bd60aae760fd63b8b7\System.Data.ni.dll
    MOD - [2014/02/15 13:29:30 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
    MOD - [2014/02/15 13:29:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/02/15 13:28:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/02/15 13:28:47 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
    MOD - [2014/02/15 13:28:45 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
    MOD - [2014/02/15 13:28:24 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
    MOD - [2014/02/15 13:28:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\63cd84f7b5c30e74ac93144f39ba4037\System.Xml.ni.dll
    MOD - [2014/02/15 13:28:08 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/15 13:28:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/15 13:27:30 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2014/01/27 18:38:04 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2010/11/05 11:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/07/16 10:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/07/16 10:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/07/16 10:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/07/16 10:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/07/16 10:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/07/16 10:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/07/16 10:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/07/16 10:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/06/18 04:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/06/18 04:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/06/18 04:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


    ========== Services (SafeList) ==========

    SRV - [2014/04/07 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/03/15 10:56:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
    SRV - [2014/03/01 13:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/01 22:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/10/01 07:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/04/28 21:38:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2014/04/09 14:53:05 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - [2014/04/08 19:48:57 | 000,075,480 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2014/04/07 12:17:29 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/04/07 12:17:29 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/04/07 12:17:29 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/04/07 12:17:29 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/04/07 12:17:29 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/04/07 12:17:29 | 000,067,264 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/04/07 12:17:29 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2014/03/27 22:43:51 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\wStLib.sys -- (wStLib)
    DRV - [2013/08/21 19:53:42 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2013/02/19 23:02:47 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2010/12/02 12:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/03/02 16:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/22 11:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/07/14 08:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/25 04:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/05/26 22:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2009/04/30 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/04/07 11:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/11/20 14:29:00 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 5C 29 9B D9 8A CC 01 [binary data]
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=825
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{188DD655-43C7-4947-88FC-6BA2E9DBB040}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{25107C24-F015-4F20-912E-B44B05F15704}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{F3EF8F74-7451-4D3E-BC94-D80D63F450CD}: "URL" = http://search.findwide.com/serp?guid={ECC66A08-048C-42DA-A564-2ED5D9A9F071}&action=default_search&serpv=22&k={searchTerms}
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q= "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)


    [2010/01/21 10:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taliah\AppData\Roaming\mozilla\Extensions
    [2014/04/07 15:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions
    [2012/12/22 00:42:49 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2014/03/16 23:46:04 | 000,000,000 | ---D | M] (FindWide Toolbar) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions\toolbar10815@findwide.com
    [2011/03/04 07:21:27 | 000,001,827 | ---- | M] () -- C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\searchplugins\bing.xml
    [2013/02/20 00:09:18 | 000,005,411 | ---- | M] () -- C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\searchplugins\searchcanvas.xml
    [2013/02/20 21:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/21 22:49:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 00:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/01/28 10:53:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/09 23:38:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/04 10:57:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/11/28 18:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/11/20 08:04:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\TALIAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX98OQN.DEFAULT\EXTENSIONS\TOOLBAR10815@FINDWIDE.COM.XPI

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://ninemsn.com.au/
    CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Corp. DRM Netscape Plugin (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    CHR - Extension: FindWide Toolbar = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaenmbfiffffkbabndmpmpghcbnchof\1.0.0.0_0\
    CHR - Extension: YouTube = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
    CHR - Extension: Google Wallet = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/04/09 10:59:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-AU\local\search.html ()
    O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.235.14 211.29.132.12 198.142.0.51
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5119E7D9-5C9F-4042-95DC-23D6F751CEE9}: DhcpNameServer = 198.142.235.14 211.29.132.12 198.142.0.51
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/09 14:47:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/09 14:13:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/09 11:58:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/04/09 10:19:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/04/09 10:19:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/04/09 10:19:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/04/09 10:18:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/04/09 10:16:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/04/09 10:15:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/08 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\Taliah\Downloads\Desktop\limpiando
    [2014/04/08 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/04/08 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Taliah\Downloads\Desktop\mbar
    [2014/04/07 15:16:56 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/04/07 15:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/07 15:16:09 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/07 15:16:09 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/07 15:16:09 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/04/07 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/04/07 15:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/07 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Taliah\AppData\Roaming\AVAST Software
    [2014/04/07 12:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/04/07 12:17:51 | 000,067,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/07 12:17:48 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/07 12:17:47 | 000,411,552 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/07 12:17:45 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/07 12:17:44 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/07 12:17:36 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/07 12:17:28 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/07 12:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/04/07 12:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/06 15:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2014/03/27 22:43:51 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
    [2014/03/16 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Laflurla
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/09 15:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/09 14:59:29 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/09 14:59:29 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/09 14:59:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    [2014/04/09 14:53:27 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2014/04/09 14:53:05 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/04/09 14:52:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/09 14:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/09 14:51:50 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/09 14:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/09 14:44:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    [2014/04/09 10:59:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/04/08 22:52:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTaliah.job
    [2014/04/08 22:44:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    [2014/04/08 20:59:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    [2014/04/08 19:48:57 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/07 15:16:19 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/07 12:19:20 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/07 12:17:29 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/07 12:17:29 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/07 12:17:29 | 000,180,760 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/07 12:17:29 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/07 12:17:29 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/07 12:17:29 | 000,067,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/07 12:17:29 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/04/07 12:17:28 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/07 12:17:28 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/03/27 22:43:51 | 000,052,920 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
    [2014/03/27 22:36:33 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRAWR$.job
    [2014/03/15 11:21:31 | 000,425,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/09 10:19:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/04/09 10:19:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/04/09 10:19:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/04/09 10:19:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/04/09 10:19:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/07 15:16:19 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/07 12:19:20 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/07 12:17:50 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/07 12:17:47 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/08/08 07:31:31 | 000,123,757 | ---- | C] () -- C:\Users\Taliah\Uniform Pricelist 2013 Years 11 and 12.pdf
    [2013/03/22 22:27:23 | 000,001,420 | ---- | C] () -- C:\Users\Taliah\_setup.xml
    [2013/02/14 21:02:28 | 000,425,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/27 19:55:35 | 000,001,849 | ---- | C] () -- C:\Users\Taliah\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/15 17:31:02 | 000,006,144 | ---- | C] () -- C:\Users\Taliah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/02 10:47:19 | 000,000,000 | ---- | C] () -- C:\Users\Taliah\AppData\Local\prvlcl.dat
    [2009/09/25 18:45:03 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/12/22 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Ad-Aware Antivirus
    [2014/04/07 12:19:42 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\AVAST Software
    [2011/09/22 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\funkitron
    [2012/11/29 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Leadertech
    [2012/12/02 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Memeo
    [2013/03/23 16:56:30 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\player
    [2010/12/30 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\PlayFirst
    [2013/03/23 09:10:23 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\TFP
    [2013/10/29 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\TuneUp Software
    [2010/11/21 14:47:20 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\WildTangent
    [2009/12/24 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Windows Live Writer
    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Taliah\Downloads\Desktop\Avatar 2009.avi:TOC.WMV

    < End of report >
     
  13. 2014/04/09
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    OTL logfile created on: 9/04/2014 3:13:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taliah\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.77% Memory free
    3.87 Gb Paging File | 2.74 Gb Available in Paging File | 70.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.45 Gb Total Space | 153.15 Gb Free Space | 69.16% Space Free | Partition Type: NTFS
    Drive D: | 11.24 Gb Total Space | 1.89 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: RAWR | User Name: Taliah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/09 15:12:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Taliah\Downloads\OTL.exe
    PRC - [2014/04/07 12:17:24 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/04/07 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    PRC - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2013/10/01 22:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/08/02 10:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/01/29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/01/29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/22 11:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    PRC - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/04/07 12:17:26 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/02/15 13:36:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
    MOD - [2014/02/15 13:30:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
    MOD - [2014/02/15 13:29:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
    MOD - [2014/02/15 13:29:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e7f89023dcc954bd60aae760fd63b8b7\System.Data.ni.dll
    MOD - [2014/02/15 13:29:30 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
    MOD - [2014/02/15 13:29:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/02/15 13:28:51 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/02/15 13:28:47 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll
    MOD - [2014/02/15 13:28:45 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
    MOD - [2014/02/15 13:28:24 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
    MOD - [2014/02/15 13:28:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\63cd84f7b5c30e74ac93144f39ba4037\System.Xml.ni.dll
    MOD - [2014/02/15 13:28:08 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
    MOD - [2014/02/15 13:28:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/15 13:27:30 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
    MOD - [2014/01/27 18:38:04 | 000,037,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2010/11/05 11:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/07/16 10:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/07/16 10:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/07/16 10:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/07/16 10:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/07/16 10:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/07/16 10:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/07/16 10:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/07/16 10:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/06/18 04:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/06/18 04:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/06/18 04:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


    ========== Services (SafeList) ==========

    SRV - [2014/04/07 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/03/15 10:56:20 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
    SRV - [2014/03/01 13:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/12/19 04:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/01 22:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/10/01 07:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/04/28 21:38:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/22 11:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/28 12:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/03 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2014/04/09 14:53:05 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - [2014/04/08 19:48:57 | 000,075,480 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2014/04/07 12:17:29 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/04/07 12:17:29 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/04/07 12:17:29 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/04/07 12:17:29 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/04/07 12:17:29 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/04/07 12:17:29 | 000,067,264 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/04/07 12:17:29 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2014/03/27 22:43:51 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\wStLib.sys -- (wStLib)
    DRV - [2013/08/21 19:53:42 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2013/02/19 23:02:47 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2010/12/02 12:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/03/02 16:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/22 11:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/07/14 08:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/25 04:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/05/26 22:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2009/04/30 01:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2009/04/07 11:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/11/20 14:29:00 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 5C 29 9B D9 8A CC 01 [binary data]
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=825
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{188DD655-43C7-4947-88FC-6BA2E9DBB040}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10815
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{25107C24-F015-4F20-912E-B44B05F15704}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{F3EF8F74-7451-4D3E-BC94-D80D63F450CD}: "URL" = http://search.findwide.com/serp?guid={ECC66A08-048C-42DA-A564-2ED5D9A9F071}&action=default_search&serpv=22&k={searchTerms}
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q= "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Taliah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)


    [2010/01/21 10:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taliah\AppData\Roaming\mozilla\Extensions
    [2014/04/07 15:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions
    [2012/12/22 00:42:49 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2014/03/16 23:46:04 | 000,000,000 | ---D | M] (FindWide Toolbar) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\extensions\toolbar10815@findwide.com
    [2011/03/04 07:21:27 | 000,001,827 | ---- | M] () -- C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\searchplugins\bing.xml
    [2013/02/20 00:09:18 | 000,005,411 | ---- | M] () -- C:\Users\Taliah\AppData\Roaming\mozilla\firefox\profiles\nex98oqn.default\searchplugins\searchcanvas.xml
    [2013/02/20 21:30:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/21 22:49:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 00:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/01/28 10:53:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/09 23:38:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/04 10:57:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/11/28 18:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/11/20 08:04:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\TALIAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX98OQN.DEFAULT\EXTENSIONS\TOOLBAR10815@FINDWIDE.COM.XPI

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://ninemsn.com.au/
    CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Taliah\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
     
  14. 2014/04/09
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Corp. DRM Netscape Plugin (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Taliah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Taliah\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    CHR - Extension: FindWide Toolbar = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaenmbfiffffkbabndmpmpghcbnchof\1.0.0.0_0\
    CHR - Extension: YouTube = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
    CHR - Extension: Google Wallet = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/04/09 10:59:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-AU\local\search.html ()
    O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.142.235.14 211.29.132.12 198.142.0.51
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5119E7D9-5C9F-4042-95DC-23D6F751CEE9}: DhcpNameServer = 198.142.235.14 211.29.132.12 198.142.0.51
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/09 14:47:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/09 14:13:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/09 11:58:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/04/09 10:19:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/04/09 10:19:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/04/09 10:19:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/04/09 10:18:43 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/04/09 10:16:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/04/09 10:15:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/08 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\Taliah\Downloads\Desktop\limpiando
    [2014/04/08 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/04/08 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Taliah\Downloads\Desktop\mbar
    [2014/04/07 15:16:56 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/04/07 15:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/07 15:16:09 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/07 15:16:09 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/07 15:16:09 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/04/07 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/04/07 15:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/07 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Taliah\AppData\Roaming\AVAST Software
    [2014/04/07 12:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/04/07 12:17:51 | 000,067,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/07 12:17:48 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/07 12:17:47 | 000,411,552 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/07 12:17:45 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/07 12:17:44 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/07 12:17:36 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/07 12:17:28 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/07 12:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/04/07 12:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/06 15:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2014/03/27 22:43:51 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
    [2014/03/16 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Laflurla
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/09 15:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/04/09 14:59:29 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/09 14:59:29 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/09 14:59:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    [2014/04/09 14:53:27 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2014/04/09 14:53:05 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/04/09 14:52:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/09 14:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/09 14:51:50 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/09 14:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/09 14:44:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000UA.job
    [2014/04/09 10:59:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/04/08 22:52:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTaliah.job
    [2014/04/08 22:44:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    [2014/04/08 20:59:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1160702305-3582450622-2665941894-1000Core.job
    [2014/04/08 19:48:57 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/07 15:16:19 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/07 12:19:20 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/07 12:17:29 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/07 12:17:29 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/07 12:17:29 | 000,180,760 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/07 12:17:29 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/07 12:17:29 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/07 12:17:29 | 000,067,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/07 12:17:29 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/04/07 12:17:28 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/07 12:17:28 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/03/27 22:43:51 | 000,052,920 | ---- | M] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
    [2014/03/27 22:36:33 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRAWR$.job
    [2014/03/15 11:21:31 | 000,425,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/09 10:19:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/04/09 10:19:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/04/09 10:19:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/04/09 10:19:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/04/09 10:19:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/07 15:16:19 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/07 12:19:20 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/07 12:17:50 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/07 12:17:47 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/08/08 07:31:31 | 000,123,757 | ---- | C] () -- C:\Users\Taliah\Uniform Pricelist 2013 Years 11 and 12.pdf
    [2013/03/22 22:27:23 | 000,001,420 | ---- | C] () -- C:\Users\Taliah\_setup.xml
    [2013/02/14 21:02:28 | 000,425,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/27 19:55:35 | 000,001,849 | ---- | C] () -- C:\Users\Taliah\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/15 17:31:02 | 000,006,144 | ---- | C] () -- C:\Users\Taliah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/02 10:47:19 | 000,000,000 | ---- | C] () -- C:\Users\Taliah\AppData\Local\prvlcl.dat
    [2009/09/25 18:45:03 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/12/22 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Ad-Aware Antivirus
    [2014/04/07 12:19:42 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\AVAST Software
    [2011/09/22 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\funkitron
    [2012/11/29 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Leadertech
    [2012/12/02 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Memeo
    [2013/03/23 16:56:30 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\player
    [2010/12/30 16:12:37 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\PlayFirst
    [2013/03/23 09:10:23 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\TFP
    [2013/10/29 23:27:13 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\TuneUp Software
    [2010/11/21 14:47:20 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\WildTangent
    [2009/12/24 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\Taliah\AppData\Roaming\Windows Live Writer
    [2013/01/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Taliah\Downloads\Desktop\Avatar 2009.avi:TOC.WMV

    < End of report >
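The "Files Created" and "Files Modified" records in the OTL log above all share one line shape, so they can be triaged by script instead of by eye. The Python below is an added example written for this page; it is not part of OTL, of this thread, or of any tool named in it. The sample input is constructed from a handful of the record lines in the post above, and the triage rule is the editor's own heuristic, not something OTL does: list every newly created kernel driver with the company name from its version info, and count how many other records were written in the same second, because installers drop their files in bursts while a driver with no same-second neighbours has no such context and deserves a closer look.

```python
"""Parse OTL file records and triage newly created kernel drivers.

Editor's added example; not part of OTL or of the posted logs.
Record shape, as in the post above:
    [YYYY/MM/DD HH:MM:SS | 000,052,920 | ---- | C] (Company) -- C:\\path
The company part is absent for directories and reads "()" when the
PE carries no company name in its version info.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few record lines copied in the shape of the log above,
# plus the "*.tmp files" summary line OTL appends, which is not a record.
SAMPLE_LOG = r"""
[2014/04/09 10:19:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/09 10:19:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/09 10:18:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/04/07 15:16:09 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/07 15:16:09 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/07 15:16:09 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/07 12:17:50 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/03/27 22:43:51 | 000,052,920 | ---- | C] (StdLib) -- C:\Windows\System32\drivers\wStLib.sys
[2014/03/16 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Laflurla
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
"""

RECORD_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Record:
    when: datetime
    size: int
    attrs: str                # e.g. "---D" directory, "-HS-" hidden + system
    kind: str                 # "C" created, "M" modified
    company: Optional[str]    # None for directories, "" when no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_driver(self) -> bool:
        p = self.path.lower()
        return p.endswith(".sys") and "\\drivers\\" in p


def parse_records(text: str) -> Tuple[List[Record], List[str]]:
    """Return (records, lines that did not match the record shape)."""
    records: List[Record] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        records.append(Record(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return records, unparsed


def cluster_by_second(records: List[Record]) -> Dict[datetime, List[Record]]:
    """Installers write their files in bursts, so records sharing one
    timestamp usually belong together; a lone driver has no such context."""
    clusters: Dict[datetime, List[Record]] = defaultdict(list)
    for r in records:
        clusters[r.when].append(r)
    return clusters


def triage_new_drivers(records: List[Record]) -> List[dict]:
    """Every newly created kernel driver, with its company name and the
    number of other records written in the same second (editor's heuristic)."""
    clusters = cluster_by_second(records)
    out = []
    for r in records:
        if r.kind == "C" and r.is_driver:
            out.append({
                "path": r.path,
                "company": r.company or "<none>",
                "same_second": len(clusters[r.when]) - 1,
            })
    return out


if __name__ == "__main__":
    recs, skipped = parse_records(SAMPLE_LOG)
    for d in triage_new_drivers(recs):
        print(f"{d['path']}  company={d['company']}  same_second={d['same_second']}")
    print(f"{len(skipped)} non-record line(s) skipped")
```

Run against the sample, the three Malwarebytes drivers come out with two same-second neighbours each, while aswVmm.sys (no company name) and wStLib.sys (company "StdLib") stand alone. Standing alone is not a verdict; it only tells the analyst which entries to look up rather than skim past.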
     
  15. 2014/04/09
    yoruga (Well-Known Member, Thread Starter)
    OTL Extras logfile created on: 9/04/2014 3:13:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taliah\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.77% Memory free
    3.87 Gb Paging File | 2.74 Gb Available in Paging File | 70.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.45 Gb Total Space | 153.15 Gb Free Space | 69.16% Space Free | Partition Type: NTFS
    Drive D: | 11.24 Gb Total Space | 1.89 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: RAWR | User Name: Taliah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirstRunDisabled" = 0
    "UacDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02344CDF-7660-4A59-A550-F407CABC6BB4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{0B41A26A-3623-4600-BE16-18CB85EF9553}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{0DC3ED4C-B37F-4FE6-8FF5-8D9E5DBCF4D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{12555084-D3B6-4286-9128-E2B7DEB77F5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1E8F44F2-FEB5-493C-B7F7-37BC8A08B035}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2B34700C-BA7B-4C91-BAB3-1A1A636B4AEC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{37426670-4457-4ED4-8ADF-320744361304}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{411E4FCB-7C3B-4807-BACF-060E58042538}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{41590C7F-21FE-4A87-A35E-8A7571B51F02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{42B5E9A5-E46F-450B-BF32-884B06DAEA13}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{48AB4B8D-B2A9-4032-92DE-227B1CA64333}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{50334650-707E-4679-BEC5-F7150B3ACBA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{574346FE-858D-4A65-BEE5-3C7206600004}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{642C93EA-8878-4C28-A97D-A9172868A510}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{64D140D2-0A0A-4F63-A511-E96BA802294D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{66C0B36C-0D93-4B4C-93F4-4CFD74A15CE6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{71C0EE82-E11A-4A7C-B4D3-057F66FAE975}" = rport=138 | protocol=17 | dir=out | app=system |
    "{741FD7EB-6E89-4CB7-914F-43316D6C83E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9554A19D-9DAE-4905-BDCF-8F65989C3FE0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9AC729A4-D3AB-4402-93F4-1EBB4FFC87B4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A4BA7508-D36C-458A-88E9-7339A5C2A653}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AAFFBE3C-D85D-44F3-8304-A1E33429B786}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CC3DCE2E-2203-4A67-9138-95003373FA0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DBA29383-4C5F-4BC0-AF2D-56A6E477A8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ED091868-9EE1-417E-BD61-CC8D1AABC21D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{F721E3FF-2C55-4799-8FBA-87CCC6CA94D6}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{043A00E1-2434-48B7-8AD8-B602ACE3C0E1}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
    "{06376EB0-7976-49A3-BDE6-E45AFD642F20}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{088650ED-6E63-4F7C-AA88-B5720B6186DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{10B3CF1E-957E-4FB9-A021-0EA26840AD15}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{1BD2A775-5402-45BF-A086-6AC433A1306A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1EC6AE15-6142-4730-959E-A24454751A81}" = protocol=6 | dir=out | app=system |
    "{28BF6290-585E-4D0F-8585-DE559F13A856}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2F44819E-1C01-433A-83C8-4E2EE7D109FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{30B7AE53-0AC4-4B8D-961F-1E0CE9E7BB66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3271B2F6-E35B-4962-80AC-431EB920A3D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{361F0DEF-D6FE-4874-B673-1FC4188A77DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{37CB091C-BC4D-463A-839A-982E2C326169}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
    "{38B780E7-E532-41E8-A5E3-E47E6BB7542B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{3A6692B5-E1BD-4921-BBDC-FCC9579B4602}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{3F55E759-452F-4229-A97F-648995E3B4F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4DFD5F99-7FA7-4879-B312-CD6DE85D6D1A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{5EA5AF6D-BA1F-42B6-A6F1-357ABB5BF186}" = dir=in | app=c:\users\taliah\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{6209808B-3923-4DE3-9EDD-7949DD248415}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{63D0BF9C-22CD-4067-8B94-E5101043D4B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{685E99B6-0AA5-4478-8E7F-589E049C1634}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6964AD78-A588-4849-838F-59442937F7E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{69F50ECD-6DCF-468F-B6EC-973F0973B254}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{7FA36813-8226-4B7A-B557-157FAE02894F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{80F21248-2420-4662-8D9B-55B801CF0843}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{95AAC802-DE3C-40CB-A2EA-D3D16656FFE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9BF5036C-6E3D-486F-8AC4-FBAA0B3E56ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{A6ECCAB5-0253-4D48-99A8-805E0DC8F524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AE93A370-7093-4D85-9258-148CC1045290}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AED80049-DF69-4A66-BD90-BAAE0F2AE5B8}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
    "{B886B432-E7EA-4E4B-B4A5-35C9C7C62F0F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{B89C53E0-A5D2-4D35-8960-324AF59CCA71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C39F6EC7-5897-4474-A2A5-722AB5B02FF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C886B8F3-7F95-4212-8648-F40BAF3E130A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{CAA8CD19-6C51-4893-9CB8-F47D98C7386B}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
    "{CC88C0B0-038B-4FAD-90D3-F3CDDD5E49E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{DCA9E5A1-967A-4E16-84D5-B38F648C170E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{E3D6A642-BD4E-41FD-9BFF-09E2C9AA5D2D}" = dir=in | app=c:\users\taliah\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
    "{E78E2544-EB63-45B4-A919-483D05DFE676}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{EC4D603E-D810-47CC-AB38-CBD472D30AFD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{EFC24A64-43F2-42D8-A3DC-80AC1FC4CC95}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
    "{FA6465B3-65C3-402D-84AF-88A465A2ADA6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{FB878EE5-F4A8-472D-B6E7-E35B1D8EA834}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "TCP Query User{78C06CE6-90A1-44E7-A390-67F0526353DC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{86A0727C-1763-4D90-99C1-82EA9C0EE21E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
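The firewall rule values OTL dumps above are `key=value` fields separated by `|`, and a field that is missing means "any": a rule carrying only `dir=in` and `app=` admits every protocol and port for that program. The Python below is an added example written for this page, not part of OTL, of this thread, or of Windows. Its sample input is constructed from rule lines in the post above, and the three checks are the editor's heuristics: an inbound rule whose `app` is not an absolute path, an inbound rule whose program lives under a user-writable location, and a program-only rule with no protocol or local port. None of these is a finding on its own; they are the rules worth reading rather than scrolling past.

```python
"""Parse Windows Firewall rule values as OTL prints them and flag inbound
allow rules that deserve a look.

Editor's added example; not part of OTL, of the thread, or of Windows.
Value shape, as in the "Vista Active ... Exception List" sections above:
    "{GUID}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=<path> |
Fields that are absent mean "any" (a rule with only dir= and app= allows
every protocol and port for that program).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: rule lines copied in the shape of the log above.
SAMPLE_RULES = r"""
"{12555084-D3B6-4286-9128-E2B7DEB77F5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED091868-9EE1-417E-BD61-CC8D1AABC21D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F721E3FF-2C55-4799-8FBA-87CCC6CA94D6}" = lport=445 | protocol=6 | dir=in | app=system |
"{64D140D2-0A0A-4F63-A511-E96BA802294D}" = rport=445 | protocol=6 | dir=out | app=system |
"{5EA5AF6D-BA1F-42B6-A6F1-357ABB5BF186}" = dir=in | app=c:\users\taliah\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E3D6A642-BD4E-41FD-9BFF-09E2C9AA5D2D}" = dir=in | app=c:\users\taliah\appdata\local\tnt2\2.0.0.1702\tnt2user.exe |
"{69F50ECD-6DCF-468F-B6EC-973F0973B254}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"TCP Query User{78C06CE6-90A1-44E7-A390-67F0526353DC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"""

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Locations a standard user can normally write to; a program rule keyed on
# such a path lets whatever replaces that file accept inbound connections.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
ABS_PATH_RE = re.compile(r"^(%[a-z]+%|[a-z]:)\\")


@dataclass
class Rule:
    name: str
    fields: Dict[str, str]

    @property
    def direction(self) -> str:
        return self.fields.get("dir", "")

    @property
    def app(self) -> str:
        return self.fields.get("app", "")

    @property
    def protocol(self) -> str:
        return self.fields.get("protocol", "any")


def parse_rules(text: str) -> List[Rule]:
    """One Rule per value line; fields are lower-cased keys, raw values."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line) if line else None
        if m is None:
            continue
        fields: Dict[str, str] = {}
        for part in m["body"].split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        rules.append(Rule(m["name"], fields))
    return rules


def triage_inbound(rules: List[Rule]) -> List[Tuple[str, List[str]]]:
    """Editor's heuristics: (rule name, reasons) for inbound rules whose
    app field is not an absolute path, sits in a user-writable location,
    or is a bare program rule (no protocol, no local port)."""
    findings: List[Tuple[str, List[str]]] = []
    for r in rules:
        if r.direction != "in":
            continue
        app = r.app.lower()
        reasons: List[str] = []
        if app and app != "system" and not ABS_PATH_RE.match(app):
            reasons.append("app is not an absolute path")
        if any(tok in app for tok in USER_WRITABLE):
            reasons.append("app lives in a user-writable location")
        if r.protocol == "any" and "lport" not in r.fields:
            reasons.append("program-only rule: any protocol, any local port")
        if reasons:
            findings.append((r.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_inbound(parse_rules(SAMPLE_RULES)):
        print(name, "->", "; ".join(reasons))
```

On the sample, the SSDP rule keyed on a bare `svchost.exe` is reported for its non-absolute path, the two `dir=in` rules for executables under `AppData\Local` are reported on both of the remaining checks, and the SMB, TeamViewer and Google Earth rules pass quietly because they name an absolute path outside the profile and pin a protocol or port.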
     
  16. 2014/04/09
    yoruga (Well-Known Member, Thread Starter)
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{504F08E9-C70E-4B70-917E-382141CAC326}" = TuneUp Utilities 2014 (en-GB)
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5339885F-4597-4343-BD3B-74280CC79424}" = ArcSoft VideoImpression 2
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}" = ArcSoft PhotoImpression 5
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76D0B7D8-6683-4D54-A108-046A5E542F0B}" = SoftStylus
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A3913CAB-1406-46F2-BB62-1CB96DDAF460}" = 1000 Solitaire Games
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft Mouse and Keyboard Center
    "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AOL Toolbar" = AOL Toolbar 5.0
    "Avast" = avast! Free Antivirus
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "PROHYBRIDR" = 2007 Microsoft Office system
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TablEdit_is1" = TablEdit 2.69
    "TeamViewer 8" = TeamViewer 8
    "TuneUp Utilities 2014" = TuneUp Utilities 2014
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WTA-f3d54b39-3520-40f8-a399-b1c259f8aa8f" = Cake Mania

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1160702305-3582450622-2665941894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Hewlett-Packard Events ]
    Error - 8/12/2012 9:10:03 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:04 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:05 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:05 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:07 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:08 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:09 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:11 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:11 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 8/12/2012 9:10:12 PM | Computer Name = Rawr | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM:
    1978 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    [ HP Software Framework Events ]
    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.289|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.325|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.348|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.375|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.396|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.422|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.462|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    Error - 19/11/2012 7:34:00 AM | Computer Name = Rawr | Source = CaslSmBios | ID = 5
    Description = 2012/11/19 21:34:00.497|00001980|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
    eRet: e_BIOS_INVALID_COMMAND_TYPE

    [ OSession Events ]
    Error - 28/04/2013 11:13:53 PM | Computer Name = Rawr | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22853
    seconds with 10920 seconds of active time. This session ended with a crash.


    < End of report >
     
  17. 2014/04/09
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
That was the OTL.txt and the Extras...

If that is all..... is my system reading off the correct desktop drive (Admin drive).... I know I was told to move it by a friend and that it was not a good thing to do???

    Forgive my terminology please
     
  18. 2014/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did fine.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Taliah\AppData\Local\Temp\catchme.sys -- (catchme)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\SearchScopes\{F3EF8F74-7451-4D3E-BC94-D80D63F450CD}:  "URL" = http://search.findwide.com/serp?guid={ECC66A08-048C-42DA-A564-2ED5D9A9F071}&action=default_search&serpv=22&k={searchTerms}
    [2014/03/16 23:46:04 | 000,000,000 | ---D | M] (FindWide Toolbar) -- C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\e xtensions\toolbar10815@findwide.com
    File not found (No name found) -- C:\USERS\TALIAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NEX98OQN.DEFAULT\E XTENSIONS\TOOLBAR10815@FINDWIDE.COM.XPI
    CHR - Extension: FindWide Toolbar = C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaenmbfiffffkbabndmpmpghcbnchof\1.0.0.0_0\
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1160702305-3582450622-2665941894-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    @Alternate Data Stream - 64 bytes -> C:\Users\Taliah\Downloads\Desktop\Avatar 2009.avi:TOC.WMV
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  19. 2014/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  20. 2014/04/17
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    sorry broni... just got back... will do what you have asked
    ASAP
     
  21. 2014/04/17
    yoruga

    yoruga Well-Known Member Thread Starter

    Joined:
    2008/09/30
    Messages:
    144
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Service USBCCID stopped successfully!
    Service USBCCID deleted successfully!
    File system32\DRIVERS\RtsUCcid.sys not found.
    Service RtsUIR stopped successfully!
    Service RtsUIR deleted successfully!
    File system32\DRIVERS\Rts516xIR.sys not found.
    Service MFE_RR stopped successfully!
    Service MFE_RR deleted successfully!
    File C:\Users\Taliah\AppData\Local\Temp\mfe_rr.sys not found.
    Service Lbd stopped successfully!
    Service Lbd deleted successfully!
    File system32\DRIVERS\Lbd.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\Users\Taliah\AppData\Local\Temp\catchme.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3EF8F74-7451-4D3E-BC94-D80D63F450CD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3EF8F74-7451-4D3E-BC94-D80D63F450CD}\ not found.
    Folder C:\Users\Taliah\AppData\Roaming\mozilla\Firefox\Profiles\nex98oqn.default\e xtensions\toolbar10815@findwide.com\ not found.
    C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaenmbfiffffkbabndmpmpghcbnchof\1.0.0.0_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1160702305-3582450622-2665941894-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    ADS C:\Users\Taliah\Downloads\Desktop\Avatar 2009.avi:TOC.WMV deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
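As an added example (not from this thread, and not part of OTL itself), a small Python parser for OTL fix logs like the one yoruga posted above: it groups each result line by section and outcome, pairs a deleted service entry with the "File ... not found" line that follows it (the orphaned driver entries targeted by the script in broni's post), and surfaces lines it cannot interpret, such as the pasted "Code:" label. The sample log lines are copied from this thread and embedded so the script runs offline.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the OTL fix log in this thread.
# Raw string, so every backslash is literal exactly as OTL printed it.
SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Service USBCCID stopped successfully!
Service USBCCID deleted successfully!
File system32\DRIVERS\RtsUCcid.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Taliah\AppData\Local\Temp\catchme.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
C:\Users\Taliah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaenmbfiffffkbabndmpmpghcbnchof\1.0.0.0_0 folder moved successfully.
ADS C:\Users\Taliah\Downloads\Desktop\Avatar 2009.avi:TOC.WMV deleted successfully.
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")

# One regex per result-line shape seen in the log; each captures kind, obj and outcome.
LINE_RES = (
    re.compile(r"^(?P<kind>Service) (?P<obj>\S+) (?P<outcome>stopped|deleted) successfully!$"),
    re.compile(r"^(?P<kind>Registry (?:key|value)) (?P<obj>.+?) (?P<outcome>deleted|not found)(?: successfully)?\.$"),
    re.compile(r"^(?P<kind>File\\Folder|File|Folder|ADS) (?P<obj>.+?) (?P<outcome>deleted|not found)(?: successfully)?\.$"),
    re.compile(r"^(?P<obj>.+?) (?P<kind>folder) (?P<outcome>moved) successfully\.$"),
)


def parse_fix_log(text):
    """Return (entries, leftovers): entries are dicts {section, kind, obj, outcome};
    leftovers are non-empty lines matched by no known shape (worth a manual look)."""
    entries, leftovers, section = [], [], "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for rx in LINE_RES:
            m = rx.match(line)
            if m:
                entries.append({"section": section, **m.groupdict()})
                break
        else:
            leftovers.append(line)
    return entries, leftovers


def summarize(entries):
    """Count outcomes per section, e.g. {('OTL', 'deleted'): 4, ('OTL', 'not found'): 3}."""
    return Counter((e["section"], e["outcome"]) for e in entries)


def orphaned_services(entries):
    """(service, path) pairs where the service entry was deleted but its driver file was
    already absent: OTL prints 'Service X deleted' then 'File <path> not found'."""
    return [(prev["obj"], cur["obj"]) for prev, cur in zip(entries, entries[1:])
            if prev["kind"] == "Service" and prev["outcome"] == "deleted"
            and cur["kind"] == "File" and cur["outcome"] == "not found"]


def removed_objects(entries):
    """Objects that actually existed and were deleted or quarantined (moved) by the fix."""
    return [e["obj"] for e in entries if e["outcome"] in ("deleted", "moved")]


if __name__ == "__main__":
    found, unparsed = parse_fix_log(SAMPLE_LOG)
    for (sec, outcome), n in sorted(summarize(found).items()):
        print(f"{sec:8} {outcome:10} {n}")
    for svc, path in orphaned_services(found):
        print(f"orphaned service entry: {svc} -> {path}")
    for line in unparsed:
        print("unparsed:", line)
```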
     
