
pc lag issues, need help with combofix


  • This topic is locked
22 replies to this topic

#1 appleliao

appleliao

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 16 March 2013 - 06:02 AM

I had lag issues with my PC so I ran ComboFix. This is the log. I need help with what to do next to clean my PC. Thanks
 
 
ComboFix 13-03-16.02 - Josh 03/16/2013  17:54:04.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.63.1033.18.3839.2333 [GMT 8:00]
Running from: c:\users\Josh\Downloads\appleliao.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
c:\users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D7211B7-2B2F-4A7A-AB4E-80B8CC2142A4}.xps
c:\users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B243A3CF-3CCA-46AD-9CA7-FA3AD8570554}.xps
c:\users\Josh\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
c:\users\Josh\Documents\~WRL1330.tmp
c:\users\Josh\The Twilight Saga Breaking Dawn Part 2 2012 HDTS x264 400mb CowBoy .mkv
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-16 to 2013-03-16  )))))))))))))))))))))))))))))))
.
.
2013-03-16 10:08 . 2013-03-16 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 09:11 . 2013-03-16 09:11 -------- d-----w- c:\programdata\Recovery
2013-03-16 07:14 . 2013-03-16 07:14 -------- d-----w- c:\programdata\Norton Installer
2013-03-14 14:44 . 2013-03-14 14:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-12 15:46 . 2013-03-06 23:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-12 15:46 . 2013-03-06 23:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-12 15:46 . 2013-03-06 23:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-12 15:46 . 2013-03-06 23:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-12 15:46 . 2013-03-06 23:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-12 15:46 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-12 15:46 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-12 15:46 . 2013-03-06 23:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-12 15:46 . 2013-03-06 23:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-12 15:45 . 2013-03-06 23:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-12 15:44 . 2013-03-12 15:44 -------- d-----w- c:\program files\AVAST Software
2013-03-12 15:42 . 2013-03-12 15:44 -------- d-----w- c:\programdata\AVAST Software
2013-03-12 08:54 . 2013-03-12 08:54 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2013-03-12 08:54 . 2013-03-12 08:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-12 08:54 . 2013-03-12 08:54 -------- d-----w- c:\programdata\Malwarebytes
2013-03-12 08:54 . 2012-12-14 08:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 07:42 . 2013-03-03 07:42 -------- d-----w- c:\program files (x86)\Application Updater
2013-03-03 07:42 . 2013-03-03 07:42 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-03-03 07:42 . 2013-03-03 07:42 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2013-03-03 04:43 . 2013-03-03 05:00 -------- d-----w- c:\users\Josh\Arrow S01E15 480p HDTV x264 [VectoR]
2013-03-02 18:09 . 2013-03-02 18:09 -------- d-----w- c:\users\Josh\AppData\Roaming\4shared Desktop
2013-03-02 18:09 . 2013-03-02 18:09 -------- d-----w- c:\programdata\4shared Desktop
2013-03-02 18:08 . 2013-03-02 18:08 -------- d-----w- c:\program files (x86)\4shared Desktop
2013-02-26 10:21 . 2013-02-26 11:00 -------- d-----w- c:\users\Josh\The Walking Dead S03E11 HDTV x264-2HD[ettv]
2013-02-23 03:32 . 2013-02-23 04:25 -------- d-----w- c:\users\Josh\Naked Weapon 2002 DVDRip [Eng-Hin] [Accipiter]
2013-02-21 12:30 . 2012-05-29 07:53 27456 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2013-02-21 12:27 . 2013-02-21 12:27 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-21 12:25 . 2013-02-21 12:25 -------- d-----w- C:\swsetup
2013-02-19 21:08 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-19 21:08 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-19 20:54 . 2013-02-19 20:56 -------- d-----w- c:\users\Josh\The.Walking.Dead.S03E10.HDTV.XviD-AFG
2013-02-19 20:53 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-19 20:53 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-19 20:53 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-19 20:53 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-19 20:53 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-19 20:53 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-19 20:53 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-19 20:53 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-19 20:53 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-19 20:53 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-19 20:53 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-19 20:53 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 21:12 . 2010-07-11 06:47 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-19 20:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-02-02 11:59 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-02-02 11:59 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-02-02 11:59 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-02-02 11:59 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 04:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 04:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-06-13 11:10 2734688 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2011-01-17 08:54 175912 ----a-w- c:\program files (x86)\ooVoo_Video_Chat\prxtbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-02-23 11:17 1352512 ----a-w- c:\program files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-16 18:37 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-13 2734688]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Video_Chat\prxtbooVo.dll" [2011-01-17 175912]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Josh\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Facebook Update"="c:\users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-29 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-09 296096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 aswVmm;aswVmm; [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\e-Games\Ran Online\GameGuard\dump_wmimmc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [2011-06-09 45176]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys [2011-02-28 27848]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-02-10 223256]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-02 202752]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-27 176408]
S2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files (x86)\Globe Telecom\Click Fix\bin\sprtsvc.exe [2008-08-21 200384]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-10-12 763904]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-09-17 25080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
- c:\users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 00:44]
.
2013-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
- c:\users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 00:44]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 03:58]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 03:58]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-24 14:07]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-24 14:07]
.
2013-03-07 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 14:15]
.
2013-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 11:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 11:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 11:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 11:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-12 23:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2010-07-08 16:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - c139f586-69ef-4d15-be92-8a8a048b9799
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-03-16  18:21:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-16 10:21
.
Pre-Run: 193,575,268,352 bytes free
Post-Run: 195,931,938,816 bytes free
.
- - End Of File - - 3E613B10A34CCAB370610E17FD1EF076



 


#2 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 17 March 2013 - 04:19 PM

Hi appleliao,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
 

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

AdwCleaner
 

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Then please give me a set of logs from DDS:

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments,  attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.

 

 

 



#3 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 19 March 2013 - 06:11 AM

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 19:07:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Josh - JOSH-PC
# Boot Mode : Normal
# Running from : C:\Users\Josh\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\searchplugins\GoogleFeed.xml
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\searchplugins\search.xml
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\ooVoo_Video_Chat
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Josh\AppData\Local\Conduit
Folder Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Deleted : C:\Users\Josh\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Josh\AppData\Local\PackageAware
Folder Deleted : C:\Users\Josh\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Josh\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Josh\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Josh\AppData\LocalLow\ooVoo_Video_Chat
Folder Deleted : C:\Users\Josh\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Josh\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Josh\AppData\Roaming\iWin
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\Conduit
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\ConduitCommon
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\CT1572363
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\CT2269050
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\CT2306307
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\CT2504091
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\CT2790392
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{02556715-7cbd-40a7-9e0d-439807b4fd31}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
Folder Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\jetpack
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ooVoo_Video_Chat
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F383D39-3F1C-4BC9-A2A2-B39AE334E1FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3C8270FB-4C3C-41D2-890D-72DCD1F16FE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFC3CB16-2BBB-49A2-956F-084EE3119C82}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1572363
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F383D39-3F1C-4BC9-A2A2-B39AE334E1FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3C8270FB-4C3C-41D2-890D-72DCD1F16FE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFC3CB16-2BBB-49A2-956F-084EE3119C82}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\ooVoo_Video_Chat
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1F383D39-3F1C-4BC9-A2A2-B39AE334E1FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C8270FB-4C3C-41D2-890D-72DCD1F16FE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFC3CB16-2BBB-49A2-956F-084EE3119C82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E0CEB9A-9AE1-4A0A-A2E8-3ABE47758DDF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B530009-2FA8-4A7E-B78D-577CD3FEC2A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D42852F2-5B9D-4258-ACC7-A33B1C7D4769}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1DC7BE0-D98A-48A4-B085-2BB42F9B0514}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ooVoo_Video_Chat Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\prefs.js
 
C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\user.js ... Deleted !
 
Deleted : user_pref("CT1572363..clientLogIsEnabled", false);
Deleted : user_pref("CT1572363..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1572363..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1572363.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1572363.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1572363.AppTrackingLastCheckTime", "Thu Jun 09 2011 22:21:31 GMT+0800 (China Standard T[...]
Deleted : user_pref("CT1572363.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT1572363.BrowserCompStateIsOpen_129523531866740840", true);
Deleted : user_pref("CT1572363.BrowserCompStateIsOpen_129784497989400480", true);
Deleted : user_pref("CT1572363.BrowserCompStateIsOpen_130004712294105244", true);
Deleted : user_pref("CT1572363.BrowserCompStateIsOpen_130040865815113041", true);
Deleted : user_pref("CT1572363.CT1572363", "CT1572363");
Deleted : user_pref("CT1572363.CurrentServerDate", "13-3-2013");
Deleted : user_pref("CT1572363.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1572363.DialogsGetterLastCheckTime", "Wed Mar 13 2013 00:42:59 GMT+0800 (China Standard[...]
Deleted : user_pref("CT1572363.DownloadReferralCookieData", "");
Deleted : user_pref("CT1572363.EMailNotifierPollDate", "Thu Jun 16 2011 19:30:45 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT1572363.FirstServerDate", "7-6-2011");
Deleted : user_pref("CT1572363.FirstTime", true);
Deleted : user_pref("CT1572363.FirstTimeFF3", true);
Deleted : user_pref("CT1572363.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1572363.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1572363.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1572363.HasUserGlobalKeys", true);
Deleted : user_pref("CT1572363.Initialize", true);
Deleted : user_pref("CT1572363.InitializeCommonPrefs", true);
Deleted : user_pref("CT1572363.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1572363.InstallationId", "StubInstaller");
Deleted : user_pref("CT1572363.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT1572363.InstalledDate", "Tue Jun 07 2011 20:19:02 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT1572363.InvalidateCache", false);
Deleted : user_pref("CT1572363.IsGrouping", false);
Deleted : user_pref("CT1572363.IsMulticommunity", false);
Deleted : user_pref("CT1572363.IsOpenThankYouPage", true);
Deleted : user_pref("CT1572363.IsOpenUninstallPage", true);
Deleted : user_pref("CT1572363.LanguagePackLastCheckTime", "Wed Mar 13 2013 10:10:37 GMT+0800 (China Standard [...]
Deleted : user_pref("CT1572363.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1572363.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1572363.LastLogin_3.13.0.6", "Fri Jul 20 2012 10:34:10 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT1572363.LastLogin_3.14.1.0", "Tue Jan 08 2013 01:44:07 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT1572363.LastLogin_3.16.0.3", "Mon Feb 11 2013 23:54:15 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT1572363.LastLogin_3.18.0.7", "Wed Mar 13 2013 16:42:42 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT1572363.LastLogin_3.3.3.2", "Thu Jun 16 2011 19:18:44 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT1572363.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT1572363.Locale", "en-us");
Deleted : user_pref("CT1572363.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1572363.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1572363.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1572363.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1572363.RadioIsPodcast", false);
Deleted : user_pref("CT1572363.RadioLastCheckTime", "Thu Jun 16 2011 20:51:36 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT1572363.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT1572363.RadioLastUpdateServer", "0");
Deleted : user_pref("CT1572363.RadioMediaID", "9962");
Deleted : user_pref("CT1572363.RadioMediaType", "Media Player");
Deleted : user_pref("CT1572363.RadioMenuSelectedID", "EBRadioMenu_CT15723639962");
Deleted : user_pref("CT1572363.RadioStationName", "California%20Rock");
Deleted : user_pref("CT1572363.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT1572363.SavedHomepage", "hxxp://www.yahoo.com");
Deleted : user_pref("CT1572363.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1572363.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT157[...]
Deleted : user_pref("CT1572363.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1572363.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1572363.SearchInNewTabLastCheckTime", "Wed Mar 13 2013 10:10:24 GMT+0800 (China Standar[...]
Deleted : user_pref("CT1572363.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1572363.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1572363.ServiceMapLastCheckTime", "Wed Mar 13 2013 10:10:27 GMT+0800 (China Standard Ti[...]
Deleted : user_pref("CT1572363.SettingsLastCheckTime", "Wed Mar 13 2013 00:42:37 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT1572363.SettingsLastUpdate", "1363093959");
Deleted : user_pref("CT1572363.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1572363.ThirdPartyComponentsLastCheck", "Tue Jun 07 2011 20:18:53 GMT+0800 (China Stand[...]
Deleted : user_pref("CT1572363.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT1572363.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1572363.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1572363");
Deleted : user_pref("CT1572363.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1572363.UserID", "UN56851274583814484");
Deleted : user_pref("CT1572363.WeatherNetwork", "");
Deleted : user_pref("CT1572363.WeatherPollDate", "Thu Jun 16 2011 19:18:50 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT1572363.WeatherUnit", "C");
Deleted : user_pref("CT1572363.alertChannelId", "16833");
Deleted : user_pref("CT1572363.approveUntrustedApps", true);
Deleted : user_pref("CT1572363.backendstorage._fb_dailyactivity", "31333038313432323830353036");
Deleted : user_pref("CT1572363.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT1572363.backendstorage.alertnotificationglobaltrigger", "");
Deleted : user_pref("CT1572363.backendstorage.facebook_check_date", "31353134312E343731343636363535303932");
Deleted : user_pref("CT1572363.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT1572363.backendstorage.facebook_install", "796573");
Deleted : user_pref("CT1572363.backendstorage.facebook_reminder_count", "32");
Deleted : user_pref("CT1572363.backendstorage.hxxp://api16_thetrafficstat_net.pid2", "653337666335383138323731[...]
Deleted : user_pref("CT1572363.backendstorage.hxxp://api18_thetrafficstat_net.pid2", "653337666335383138323731[...]
Deleted : user_pref("CT1572363.backendstorage.hxxp://api21_thetrafficstat_net.pid2", "653337666335383138323731[...]
Deleted : user_pref("CT1572363.backendstorage.notificationheartbitstorage", "313330383232333133372E393031");
Deleted : user_pref("CT1572363.components.1000034", true);
Deleted : user_pref("CT1572363.components.1000082", true);
Deleted : user_pref("CT1572363.components.1000234", true);
Deleted : user_pref("CT1572363.components.1000515", true);
Deleted : user_pref("CT1572363.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1572363.globalFirstTimeInfoLastCheckTime", "Thu Jun 16 2011 19:18:44 GMT+0800 (China St[...]
Deleted : user_pref("CT1572363.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1572363.initDone", true);
Deleted : user_pref("CT1572363.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1572363.myStuffEnabled", true);
Deleted : user_pref("CT1572363.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1572363.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1572363.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1572363.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1572363.oldAppsList", "128491907140756606,128491907208256770,128944634022362696,1294933[...]
Deleted : user_pref("CT1572363.revertSettingsEnabled", true);
Deleted : user_pref("CT1572363.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1572363.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1572363.testingCtid", "");
Deleted : user_pref("CT1572363.toolbarAppMetaDataLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Sta[...]
Deleted : user_pref("CT1572363.toolbarContextMenuLastCheckTime", "Tue Jun 07 2011 20:18:55 GMT+0800 (China Sta[...]
Deleted : user_pref("CT1572363.usagesFlag", 2);
Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "13-3-2013");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Mar 13 2013 00:42:49 GMT+0800 (China Standard[...]
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Wed Feb 09 2011 11:30:50 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2269050.FirstServerDate", "4-2-2011");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Fri Feb 04 2011 20:10:28 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Mar 13 2013 10:10:31 GMT+0800 (China Standard [...]
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Sat Aug 25 2012 20:16:36 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Nov 09 2012 22:06:54 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2269050.LastLogin_3.16.0.100", "Mon Feb 11 2013 23:53:54 GMT+0800 (China Standard Time)[...]
Deleted : user_pref("CT2269050.LastLogin_3.16.0.3", "Sun Jan 06 2013 00:09:20 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2269050.LastLogin_3.18.0.7", "Wed Mar 13 2013 16:42:42 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2269050.LastLogin_3.2.5.2", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2269050.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Mar 13 2013 10:10:22 GMT+0800 (China Standar[...]
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Mar 13 2013 10:10:30 GMT+0800 (China Standard Ti[...]
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Wed Mar 13 2013 00:42:36 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1363093948");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Feb 04 2011 20:10:26 GMT+0800 (China Stand[...]
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN87515503630741232");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Wed Feb 09 2011 11:30:57 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Feb 04 2011 20:10:32 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2306307..clientLogIsEnabled", false);
Deleted : user_pref("CT2306307..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2306307..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2306307.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2306307.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2306307.AppTrackingLastCheckTime", "Sat Aug 04 2012 20:44:48 GMT+0800 (China Standard T[...]
Deleted : user_pref("CT2306307.BrowserCompStateIsOpen_129934633968901883", true);
Deleted : user_pref("CT2306307.CT2306307", "CT2306307");
Deleted : user_pref("CT2306307.CurrentServerDate", "13-3-2013");
Deleted : user_pref("CT2306307.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2306307.DialogsGetterLastCheckTime", "Wed Mar 13 2013 00:42:45 GMT+0800 (China Standard[...]
Deleted : user_pref("CT2306307.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2306307.FeedLastCount129461349869257179", 50);
Deleted : user_pref("CT2306307.FeedLastCount129463582774619555", 150);
Deleted : user_pref("CT2306307.FeedPollDate129461349869257179", "Thu Nov 29 2012 19:45:45 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2306307.FeedPollDate129463581423369234", "Thu Nov 29 2012 19:45:45 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2306307.FeedPollDate129463582528056872", "Thu Nov 29 2012 19:45:45 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2306307.FeedPollDate129463588093888490", "Thu Nov 29 2012 19:45:45 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2306307.FirstServerDate", "16-6-2011");
Deleted : user_pref("CT2306307.FirstTime", true);
Deleted : user_pref("CT2306307.FirstTimeFF3", true);
Deleted : user_pref("CT2306307.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2306307.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2306307.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2306307.HasUserGlobalKeys", true);
Deleted : user_pref("CT2306307.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2306307.Initialize", true);
Deleted : user_pref("CT2306307.InitializeCommonPrefs", true);
Deleted : user_pref("CT2306307.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2306307.InstalledDate", "Thu Jun 16 2011 19:20:49 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.IsAlertDBUpdated", true);
Deleted : user_pref("CT2306307.IsGrouping", false);
Deleted : user_pref("CT2306307.IsMulticommunity", false);
Deleted : user_pref("CT2306307.IsOpenThankYouPage", true);
Deleted : user_pref("CT2306307.IsOpenUninstallPage", true);
Deleted : user_pref("CT2306307.IsProtectorsInit", true);
Deleted : user_pref("CT2306307.LanguagePackLastCheckTime", "Wed Mar 13 2013 10:10:29 GMT+0800 (China Standard [...]
Deleted : user_pref("CT2306307.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2306307.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2306307.LastLogin_3.10.0.1", "Thu Jun 28 2012 00:18:06 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.13.0.6", "Mon Jul 09 2012 07:05:05 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.14.1.0", "Sat Sep 08 2012 19:20:02 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.15.1.0", "Fri Nov 09 2012 22:07:08 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.16.0.3", "Mon Feb 11 2013 23:53:54 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.18.0.7", "Wed Mar 13 2013 16:42:42 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.4.2.0", "Sat Jul 09 2011 03:41:58 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.LastLogin_3.5.0.12", "Thu Aug 04 2011 23:49:09 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.6.0.10", "Thu Oct 06 2011 03:56:51 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2306307.LastLogin_3.7.0.6", "Tue Oct 18 2011 10:48:17 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.LastLogin_3.8.0.8", "Wed Dec 07 2011 14:22:37 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.LastLogin_3.8.1.0", "Sat Jan 28 2012 14:33:46 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.LastLogin_3.9.0.3", "Sun Feb 19 2012 09:44:59 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2306307.Locale", "en");
Deleted : user_pref("CT2306307.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2306307.MCDetectTooltipShow", false);
Deleted : user_pref("CT2306307.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2306307.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2306307.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2306307.OriginalFirstVersion", "3.4.2.0");
Deleted : user_pref("CT2306307.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2306307.SearchBoxWidth", 1304);
Deleted : user_pref("CT2306307.SearchEngineBeforeUnload", "ooVoo Video Chat Customized Web Search");
Deleted : user_pref("CT2306307.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2306307.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT230[...]
Deleted : user_pref("CT2306307.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2306307.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2306307.SearchInNewTabLastCheckTime", "Wed Mar 13 2013 10:10:23 GMT+0800 (China Standar[...]
Deleted : user_pref("CT2306307.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2306307.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2306307.SearchProtectorEnabled", false);
Deleted : user_pref("CT2306307.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2306307.ServiceMapLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Standard Ti[...]
Deleted : user_pref("CT2306307.SettingsLastCheckTime", "Wed Mar 13 2013 00:42:34 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2306307.SettingsLastUpdate", "1363095797");
Deleted : user_pref("CT2306307.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2306307.ThirdPartyComponentsLastCheck", "Tue Feb 26 2013 09:30:44 GMT+0800 (China Stand[...]
Deleted : user_pref("CT2306307.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2306307.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2306307.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2306307");
Deleted : user_pref("CT2306307.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2306307.UserID", "UN77750331009060319");
Deleted : user_pref("CT2306307.ValidationData_Search", 2);
Deleted : user_pref("CT2306307.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2306307.alertChannelId", "702741");
Deleted : user_pref("CT2306307.approveUntrustedApps", false);
Deleted : user_pref("CT2306307.components.1000080", false);
Deleted : user_pref("CT2306307.components.1000515", false);
Deleted : user_pref("CT2306307.components.128885686460250867", false);
Deleted : user_pref("CT2306307.components.128908870323688019", false);
Deleted : user_pref("CT2306307.components.128908896632481552", false);
Deleted : user_pref("CT2306307.components.129461349869257179", false);
Deleted : user_pref("CT2306307.components.129462655546700118", false);
Deleted : user_pref("CT2306307.components.129463582774619555", false);
Deleted : user_pref("CT2306307.components.129934633968901883", false);
Deleted : user_pref("CT2306307.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2306307.globalFirstTimeInfoLastCheckTime", "Fri Mar 08 2013 12:25:10 GMT+0800 (China St[...]
Deleted : user_pref("CT2306307.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2306307.initDone", true);
Deleted : user_pref("CT2306307.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2306307.myStuffEnabled", true);
Deleted : user_pref("CT2306307.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2306307.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2306307.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2306307.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2306307.oldAppsList", "128885679177282175,128885679177282176,111,128908896632481552,128[...]
Deleted : user_pref("CT2306307.revertSettingsEnabled", true);
Deleted : user_pref("CT2306307.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2306307.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2306307.testingCtid", "");
Deleted : user_pref("CT2306307.toolbarAppMetaDataLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2306307.toolbarContextMenuLastCheckTime", "Tue Mar 12 2013 10:10:28 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2306307.undefined", "Thu Jun 16 2011 19:20:48 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2306307.usagesFlag", 2);
Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129990558296257215", true);
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_1359634298000", true);
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "13-3-2013");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Wed Mar 13 2013 00:42:57 GMT+0800 (China Standard[...]
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Sat Nov 27 2010 20:22:51 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 11);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Sat Nov 27 2010 21:22:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Sat Nov 27 2010 19:22:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "6-9-2010");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Mon Sep 06 2010 18:34:21 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Mar 13 2013 10:10:36 GMT+0800 (China Standard [...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_2.7.2.0", "Sat Nov 27 2010 19:22:52 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Fri Jul 20 2012 10:34:09 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Sat Aug 25 2012 20:16:38 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Fri Nov 09 2012 22:06:58 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2504091.LastLogin_3.16.0.100", "Mon Feb 11 2013 23:54:04 GMT+0800 (China Standard Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.16.0.3", "Sun Jan 06 2013 00:09:24 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2504091.LastLogin_3.18.0.7", "Wed Mar 13 2013 16:42:42 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2504091.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.LoginCache", 4);
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Mar 13 2013 10:10:24 GMT+0800 (China Standar[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Wed Mar 13 2013 10:10:27 GMT+0800 (China Standard Ti[...]
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Wed Mar 13 2013 00:42:36 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1363093846");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Nov 11 2010 16:42:35 GMT+0800 (China Stand[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2504091.UserID", "UN11287704642376728");
Deleted : user_pref("CT2504091.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.initDone", true);
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.revertSettingsEnabled", true);
Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.testingCtid", "");
Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_130059329278017115", true);
Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_1359634298000", true);
Deleted : user_pref("CT2790392.CTID", "CT2790392");
Deleted : user_pref("CT2790392.CurrentServerDate", "13-3-2013");
Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Wed Mar 13 2013 00:42:53 GMT+0800 (China Standard[...]
Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Wed Feb 09 2011 11:30:48 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 550);
Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Wed Feb 09 2011 11:30:51 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2790392.FirstServerDate", "11-1-2011");
Deleted : user_pref("CT2790392.FirstTime", true);
Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Deleted : user_pref("CT2790392.Initialize", true);
Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2790392.InstalledDate", "Tue Jan 11 2011 23:38:23 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2790392.IsGrouping", false);
Deleted : user_pref("CT2790392.IsMulticommunity", false);
Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Wed Mar 13 2013 10:10:32 GMT+0800 (China Standard [...]
Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2790392.LastLogin_3.13.0.6", "Fri Jul 20 2012 10:34:09 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2790392.LastLogin_3.14.1.0", "Fri Aug 31 2012 17:58:56 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2790392.LastLogin_3.15.1.0", "Fri Nov 09 2012 22:07:04 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2790392.LastLogin_3.16.0.3", "Mon Feb 11 2013 23:54:01 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2790392.LastLogin_3.18.0.7", "Wed Mar 13 2013 16:42:42 GMT+0800 (China Standard Time)")[...]
Deleted : user_pref("CT2790392.LastLogin_3.2.5.2", "Wed Feb 09 2011 11:30:50 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2790392.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2790392.Locale", "en");
Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]
Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Wed Mar 13 2013 10:10:24 GMT+0800 (China Standar[...]
Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Standard Ti[...]
Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Wed Mar 13 2013 00:42:36 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2790392.SettingsLastUpdate", "1363093961");
Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Fri Feb 04 2011 20:10:23 GMT+0800 (China Stand[...]
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2790392.UserID", "UN67236121146829776");
Deleted : user_pref("CT2790392.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2790392.WeatherNetwork", "");
Deleted : user_pref("CT2790392.WeatherPollDate", "Wed Feb 09 2011 11:30:52 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2790392.WeatherUnit", "C");
Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Deleted : user_pref("CT2790392.backendstorage.hxxp://conduit_priceblink_com/conduit.uid", "35666636626134342D6[...]
Deleted : user_pref("CT2790392.backendstorage.hxxp://staging_priceblink_com/conduit.uid", "63323761633634622D6[...]
Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.initDone", true);
Deleted : user_pref("CT2790392.myStuffEnabled", true);
Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2790392.revertSettingsEnabled", true);
Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.testingCtid", "");
Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Wed Mar 13 2013 10:10:26 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Tue Jan 11 2011 23:38:25 GMT+0800 (China Sta[...]
Deleted : user_pref("CT2790392.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1572363");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1572363/CT1572363[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2306307/CT2306307[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/PH", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/16833/16485/PH", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/PH", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/702741/698601/PH", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/PH", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1572363", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2306307", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.4.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1572363",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2306307",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63432589928083[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2306307&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1572363/CT1572363[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2306307/CT2306307[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"00c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Josh\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/7/230/CT2306307/Brows[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://streampinoy.net/conduit/btv.html", "359x2[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://streampinoy.net/conduit/espnsc.html", "42[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/7/230/CT2306307/BrowserFi[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://streampinoy.net/conduit/btv.html", "580x475")[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://streampinoy.net/conduit/espnsc.html", "580x47[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=ffds1&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,CT2790392,CT2269050,CT1572363,CT2306307");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,ConduitEngine,CT2790392,CT2269050,CT1572363,C[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2306307");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 06 2011 00:13:36 GMT+08[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Dec 04 2011 20:01:34 GMT+0800 (China[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Dec 14 2011 06:45:03 GMT+0800 (China Sta[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "a6f7e672-fe61-4edf-a18c-ff2647b9a5c7");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Feb 09 2011 11:30:48 GMT+0800 (Chi[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "c8c6fa78-cc07-4850-bc5e-bd7a246e1fca");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1572363");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Mar 09 2013 18:13:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Mar 13 2013 00:42:53 GMT+080[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Mar 13 2013 00:42:44 GMT+0800 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "40211f05-88ec-4c76-ad05-859b6042b3f6");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "ooVoo Video Chat Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdo[...]
Deleted : user_pref("extentions.y2layers.installId", "c139f586-69ef-4d15-be92-8a8a048b9799");
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [358 octets] - [19/03/2013 19:06:20]
AdwCleaner[S2].txt - [71381 octets] - [19/03/2013 19:07:17]
 
########## EOF - C:\AdwCleaner[S2].txt - [71442 octets] ##########


#4 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 19 March 2013 - 06:20 AM

Hi Tomk_, thanks for your help. 

 

I can't seem to download DDS. I already turned off my Kaspersky protection. I only have a free version of MBAM so I guess that's not something I could turn off?



#5 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  •  

Posted 19 March 2013 - 09:17 AM

Nothing to turn off in MBAM.
 
What seems to be the issue when you try to download DDS?
 
Let's try a different scanner.
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


#6 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 19 March 2013 - 10:36 PM

OTL logfile created on: 3/20/2013 11:16:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Josh\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.12% Memory free
7.50 Gb Paging File | 5.77 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.16 Gb Total Space | 172.26 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
Drive D: | 12.38 Gb Total Space | 1.74 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
Drive G: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 17.59 Mb Total Space | 17.26 Mb Free Space | 98.10% Space Free | Partition Type: FAT
 
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/20 11:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2013/01/30 00:47:57 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/10/10 03:00:24 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/24 15:50:54 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2009/10/23 10:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/11 10:39:54 | 000,025,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/09/11 10:37:08 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 16:28:24 | 000,200,384 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Globe Telecom\Click Fix\bin\sprtsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/20 16:17:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/20 16:16:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/03 03:27:09 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/02/03 01:02:50 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/02/03 00:54:10 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/02/03 00:44:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/02/03 00:36:34 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\284f81850cf194b71156025b06e74e06\ReachFramework.ni.dll
MOD - [2013/02/03 00:36:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/03 00:36:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/02/03 00:29:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/03 00:26:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/03 00:24:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/03 00:06:48 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/03 00:06:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/30 00:47:57 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/23 10:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/02/03 04:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/14 22:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 22:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/07/15 21:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/03/19 10:44:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 12:36:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/13 07:22:05 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/09/14 00:35:23 | 004,234,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/09/03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:50:54 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2009/09/11 10:37:08 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/21 16:28:24 | 000,200,384 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Globe Telecom\Click Fix\bin\sprtsvc.exe -- (sprtsvc_globe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/14 14:55:12 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/01/14 14:55:12 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/28 14:28:28 | 000,027,848 | ---- | M] (RSJ Software GmbH) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproiah.sys -- (vproiah)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/10 13:10:08 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2010/02/05 14:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 14:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/02/03 04:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/03 04:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 03:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/17 17:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 17:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/08/21 08:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 10:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009/06/22 23:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 22:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/06/09 19:41:31 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/33
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E110C716-A549-4EC7-94DF-26F0D256D6A9}: "URL" = http://fl.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKCU\..\SearchScopes\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B02556715-7cbd-40a7-9e0d-439807b4fd31%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B88c7f2aa-f93f-432c-8f0e-b7d85967a527%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Be5a1e26f-0d1d-4307-868f-fbd9a374ab54%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: SearchToolbar@skywebsearch.com:3.8
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:3.3.3.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/03/04 16:00:13 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@iahgames.com/prodown: C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll (RSJ Software GmbH)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/03/04 16:00:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Users\Josh\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Josh\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/08 16:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/12/15 15:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 03:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/13 03:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 03:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/03/16 19:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/03/16 19:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/03/16 19:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 12:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 12:36:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/08 16:54:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files (x86)\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 12:36:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 12:36:45 | 000,000,000 | ---D | M]
 
[2010/06/29 22:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2010/06/29 22:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/03/19 19:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions
[2013/03/01 22:12:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/24 20:13:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/14 12:51:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\firefox@tvunetworks.com
[2013/01/23 19:54:52 | 000,005,958 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\4sharedCopyLinks.xpi
[2013/02/01 20:53:11 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\OneClickDownload@OneClickDownload.com.xpi
[2013/02/24 20:13:25 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\plugin@yontoo.com.xpi
[2012/12/14 02:07:43 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/03/08 12:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 12:36:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/03 15:42:19 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{02556715-7CBD-40A7-9E0D-439807B4FD31}
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}
[2013/03/08 12:36:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/12/18 01:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2012/10/10 03:00:34 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2013/01/09 13:07:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/28 12:42:58 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: IAHGames (Enabled) = C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Josh\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Josh\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Josh\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.23.1_0\
CHR - Extension: YouTube = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Fast save = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokofgddojnaobbleoaobajhafnhmfb\1.1_0\
CHR - Extension: Virtual Keyboard = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/03/16 18:11:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Josh\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [EPSON ME 32 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEC.EXE /FU "C:\Users\Josh\AppData\Local\Temp\E_S1EF5.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8:64bit: - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab (EGamesPlugin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F843ED-BB66-4D40-89CB-BA04DF7BB600}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA7634BD-5912-4500-A45B-10D578EB523B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 21:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 21:20:07 | 000,016,158 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 21:20:07 | 000,000,308 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 21:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - G:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - L:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvid.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/19 10:01:15 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/18 11:33:26 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\finals by subject
[2013/03/17 12:33:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/17 12:33:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/17 12:33:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/17 12:33:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/17 12:33:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/17 12:33:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/17 12:33:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/17 12:33:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/17 12:33:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/17 12:33:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/17 12:33:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/17 12:33:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/17 12:33:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/17 12:32:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/17 12:32:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/17 12:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/17 12:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/17 12:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/16 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/03/16 19:37:54 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/03/16 19:36:27 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/03/16 19:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/03/16 19:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/03/16 19:35:59 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/03/16 19:35:59 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/03/16 18:11:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/16 17:51:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/16 17:51:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/16 17:51:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/16 17:26:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/16 17:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/03/16 15:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2013/03/15 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\GOT 2
[2013/03/15 12:18:06 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\PE Day
[2013/03/14 22:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/14 22:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/13 00:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/03/12 23:46:14 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/12 23:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/12 23:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/12 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2013/03/12 16:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/12 16:54:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/12 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/12 16:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/08 12:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\camille
[2013/03/04 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Best of you tube
[2013/03/03 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2013/03/03 14:00:44 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\game of thrones
[2013/03/03 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\Arrow S01E15 480p HDTV x264 [VectoR]
[2013/03/03 02:09:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\4shared Desktop
[2013/03/03 02:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools
[2013/03/03 02:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/03/03 02:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4shared Desktop
[2013/03/03 02:04:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Music Of The Night Mp3 Download_files
[2013/02/27 22:22:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Warm.Bodies.2013.HDCAM.XviD.READNFO-THC
[2013/02/27 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Gangster Squad 2013 R6 HDRip.XviD.Feel-Free
[2013/02/27 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\CHD7 ANNUAL 2011
[2013/02/26 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\The Walking Dead S03E11 HDTV x264-2HD[ettv]
[2013/02/23 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Josh\Naked Weapon 2002 DVDRip [Eng-Hin] [Accipiter]
[2013/02/21 20:30:16 | 000,027,456 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys
[2013/02/21 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/02/21 20:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/02/21 20:25:32 | 000,000,000 | ---D | C] -- C:\swsetup
[2013/02/20 04:54:19 | 000,000,000 | ---D | C] -- C:\Users\Josh\The.Walking.Dead.S03E10.HDTV.XviD-AFG
[2013/02/20 04:53:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/20 04:53:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/20 04:53:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/20 04:53:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/20 04:53:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/20 04:53:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/20 04:53:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/20 04:53:15 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/20 04:53:14 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/20 04:53:14 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/20 11:21:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 11:18:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 11:18:04 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 11:10:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 11:10:45 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/03/20 11:10:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 11:10:28 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 08:56:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2013/03/20 08:49:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2013/03/20 08:49:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2013/03/20 08:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 00:35:29 | 000,048,505 | ---- | M] () -- C:\Users\Josh\Desktop\58920_1567965037574_2323873_n.jpg
[2013/03/20 00:35:10 | 000,055,294 | ---- | M] () -- C:\Users\Josh\Desktop\58920_1567965317581_265025_n.jpg
[2013/03/19 11:03:37 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2013/03/19 10:44:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/19 10:44:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/18 17:53:50 | 001,163,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/18 17:53:50 | 000,375,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/18 17:53:50 | 000,005,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/16 19:42:18 | 000,052,472 | ---- | M] () -- C:\Users\Josh\Desktop\542728_630679690290830_537156120_n.jpg
[2013/03/16 19:37:55 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/03/16 18:44:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/16 18:11:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/16 15:12:41 | 000,000,991 | ---- | M] () -- C:\Users\Josh\Desktop\magicJack.lnk
[2013/03/15 01:24:31 | 000,377,952 | ---- | M] () -- C:\Users\Josh\Desktop\jogz1.png
[2013/03/15 01:20:52 | 000,373,252 | ---- | M] () -- C:\Users\Josh\Desktop\jogz.png
[2013/03/14 22:57:41 | 000,053,267 | ---- | M] () -- C:\Users\Josh\Desktop\420304_189100881201101_818329349_n.jpg
[2013/03/12 20:42:10 | 000,066,146 | ---- | M] () -- C:\Users\Josh\Desktop\156027_10200187907293601_2023397190_n.jpg
[2013/03/12 16:54:15 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/11 17:02:57 | 000,115,775 | ---- | M] () -- C:\Users\Josh\Desktop\74305_2656860797446_1964560268_n.jpg
[2013/03/08 12:56:32 | 000,002,046 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/07 10:05:51 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJosh.job
[2013/03/07 07:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/04 05:22:38 | 270,678,625 | ---- | M] () -- C:\Users\Josh\Arrow.S01E16.HDTV.x264-LOL.mp4
[2013/03/04 04:40:56 | 327,679,534 | ---- | M] () -- C:\Users\Josh\Arrow.S01E14.HDTV.x264-LOL.mp4
[2013/03/04 03:37:15 | 000,001,256 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/03 21:30:47 | 011,725,316 | ---- | M] () -- C:\Users\Josh\Desktop\The Phantom of the Opera - 2004 Movie Soundtrack - 13. All I Ask of You.mp3
[2013/03/03 17:57:42 | 290,159,477 | ---- | M] () -- C:\Users\Josh\Arrow.S01E12.HDTV.x264-LOL.[VTV].mp4
[2013/03/03 17:18:52 | 316,393,472 | ---- | M] () -- C:\Users\Josh\Arrow.S01E13.SweSub.HDTV.x264.REPACK-LOL.avi
[2013/03/03 02:09:30 | 000,001,939 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2013/03/03 02:08:35 | 000,001,903 | ---- | M] () -- C:\Users\Josh\Desktop\4shared Desktop.lnk
[2013/03/02 23:04:02 | 000,587,385 | ---- | M] () -- C:\Users\Josh\Desktop\Untitled.png
[2013/03/02 16:31:51 | 000,028,525 | ---- | M] () -- C:\Users\Josh\Desktop\film-rise_of_the_guar_brow_t670.jpg
[2013/02/28 10:00:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/02/22 18:33:54 | 223,617,781 | ---- | M] () -- C:\Users\Josh\The.Vampire.Diaries.S04E15.HDTV.x264-LOL.mp4
[2013/02/21 20:29:20 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/02/20 16:13:55 | 000,462,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/19 02:01:07 | 304,005,106 | ---- | M] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E13.HDTV.x264-ASAP.mp4
[2013/02/19 01:04:24 | 272,979,656 | ---- | M] () -- C:\Users\Josh\Revenge.S02E14.HDTV.x264-LOL.mp4
 
========== Files Created - No Company Name ==========
 
[2013/03/20 00:35:25 | 000,048,505 | ---- | C] () -- C:\Users\Josh\Desktop\58920_1567965037574_2323873_n.jpg
[2013/03/20 00:35:10 | 000,055,294 | ---- | C] () -- C:\Users\Josh\Desktop\58920_1567965317581_265025_n.jpg
[2013/03/19 10:01:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/16 19:42:18 | 000,052,472 | ---- | C] () -- C:\Users\Josh\Desktop\542728_630679690290830_537156120_n.jpg
[2013/03/16 19:38:15 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/03/16 17:51:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/16 17:51:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/16 17:51:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/16 17:51:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/16 17:51:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/15 01:24:31 | 000,377,952 | ---- | C] () -- C:\Users\Josh\Desktop\jogz1.png
[2013/03/15 01:20:52 | 000,373,252 | ---- | C] () -- C:\Users\Josh\Desktop\jogz.png
[2013/03/14 22:57:41 | 000,053,267 | ---- | C] () -- C:\Users\Josh\Desktop\420304_189100881201101_818329349_n.jpg
[2013/03/12 23:46:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/03/12 20:42:05 | 000,066,146 | ---- | C] () -- C:\Users\Josh\Desktop\156027_10200187907293601_2023397190_n.jpg
[2013/03/12 16:54:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/11 17:02:57 | 000,115,775 | ---- | C] () -- C:\Users\Josh\Desktop\74305_2656860797446_1964560268_n.jpg
[2013/03/04 03:37:15 | 000,001,256 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/03 21:28:44 | 011,725,316 | ---- | C] () -- C:\Users\Josh\Desktop\The Phantom of the Opera - 2004 Movie Soundtrack - 13. All I Ask of You.mp3
[2013/03/03 13:58:38 | 000,005,348 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/03 12:46:11 | 270,678,625 | ---- | C] () -- C:\Users\Josh\Arrow.S01E16.HDTV.x264-LOL.mp4
[2013/03/03 12:42:34 | 327,679,534 | ---- | C] () -- C:\Users\Josh\Arrow.S01E14.HDTV.x264-LOL.mp4
[2013/03/03 12:41:15 | 316,393,472 | ---- | C] () -- C:\Users\Josh\Arrow.S01E13.SweSub.HDTV.x264.REPACK-LOL.avi
[2013/03/03 12:37:58 | 290,159,477 | ---- | C] () -- C:\Users\Josh\Arrow.S01E12.HDTV.x264-LOL.[VTV].mp4
[2013/03/03 02:09:30 | 000,001,939 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2013/03/03 02:08:34 | 000,001,903 | ---- | C] () -- C:\Users\Josh\Desktop\4shared Desktop.lnk
[2013/03/02 23:04:01 | 000,587,385 | ---- | C] () -- C:\Users\Josh\Desktop\Untitled.png
[2013/03/02 16:31:50 | 000,028,525 | ---- | C] () -- C:\Users\Josh\Desktop\film-rise_of_the_guar_brow_t670.jpg
[2013/02/27 22:22:09 | 1176,881,238 | ---- | C] () -- C:\Users\Josh\Desktop\Brave.2012.R5.DVDRip.XViD.LiNE-UNiQUE.avi
[2013/02/22 17:25:30 | 223,617,781 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E15.HDTV.x264-LOL.mp4
[2013/02/21 20:35:43 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJosh.job
[2013/02/21 20:29:20 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/02/19 00:13:38 | 304,005,106 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E13.HDTV.x264-ASAP.mp4
[2013/02/19 00:07:22 | 272,979,656 | ---- | C] () -- C:\Users\Josh\Revenge.S02E14.HDTV.x264-LOL.mp4
[2013/02/08 19:10:13 | 197,718,903 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E13.HDTV.x264-LOL.mp4
[2013/02/08 19:09:03 | 275,034,425 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E11.HDTV.x264-2HD.mp4
[2013/02/05 18:47:23 | 211,096,039 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E12.HDTV.x264-LOL.mp4
[2013/01/29 09:54:50 | 307,627,631 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E10.HDTV.x264-2HD.mp4
[2013/01/25 19:44:32 | 191,434,527 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E11.HDTV.x264-LOL.mp4
[2013/01/23 09:39:33 | 251,046,656 | ---- | C] () -- C:\Users\Josh\Revenge.S02E12.HDTV.x264-LOL.[VTV].mp4
[2013/01/23 09:38:15 | 249,281,843 | ---- | C] () -- C:\Users\Josh\Revenge.S02E11.HDTV.x264-LOL.[VTV].mp4
[2013/01/18 20:20:38 | 231,752,373 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E10.HDTV.x264-LOL.mp4
[2013/01/11 09:00:28 | 249,069,527 | ---- | C] () -- C:\Users\Josh\Revenge.S02E10.HDTV.x264-LOL.[VTV].mp4
[2012/12/21 10:53:31 | 342,629,827 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E08.HDTV.x264-ASAP.mp4
[2012/12/21 10:53:27 | 302,857,906 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E09.REPACK.HDTV.x264-2HD.mp4
[2012/12/07 14:12:18 | 296,077,500 | ---- | C] () -- C:\Users\Josh\Greys.Anatomy.S09E08.HDTV.x264-2HD.mp4
[2012/11/30 20:09:55 | 262,725,661 | ---- | C] () -- C:\Users\Josh\Greys.Anatomy.S09E07.HDTV.x264-LOL.mp4
[2012/11/30 18:20:39 | 273,332,010 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E07.HDTV.x264-ASAP.mp4
[2012/11/30 10:43:59 | 252,891,957 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E07.HDTV.x264-LOL.mp4
[2012/11/27 17:42:34 | 280,532,320 | ---- | C] () -- C:\Users\Josh\Gossip.Girl.S06E07.HDTV.x264-LOL.[VTV].mp4
[2012/11/24 18:46:31 | 310,126,024 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E06.HDTV.x264-ASAP.mp4
[2012/11/24 18:46:23 | 326,109,227 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E05.HDTV.x264-ASAP.[VTV].mp4
[2012/11/24 18:45:22 | 300,911,843 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E04.HDTV.x264-ASAP.mp4
[2012/11/24 18:44:52 | 306,135,735 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E03.HDTV.x264-ASAP.mp4
[2012/10/08 09:49:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/02 10:58:01 | 000,051,270 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\room_v3.dat
[2012/03/15 17:59:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/03/15 17:59:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/03/15 11:56:18 | 000,000,041 | ---- | C] () -- C:\Users\Josh\dlmgr_.pro
[2012/03/14 16:47:06 | 000,000,012 | ---- | C] () -- C:\ProgramData\GEN3BrightnessLevel.INI
[2012/02/07 12:17:45 | 000,003,584 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 15:30:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/06 14:23:53 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Local\{54C6956D-0BD3-4E57-A236-3378D6B88228}
[2011/06/10 05:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz
[2011/06/10 05:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\Josh\AppData\Roaming\Instrument Library
[2011/06/10 05:47:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/06/10 05:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2011/06/10 05:41:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Services
[2011/06/10 05:41:25 | 000,000,268 | RH-- | C] () -- C:\Users\Josh\AppData\Roaming\InkjetPrinter
[2011/06/10 05:41:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/06/10 05:41:25 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2010/07/09 00:38:28 | 000,000,454 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/03 02:09:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\4shared Desktop
[2010/07/19 12:14:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ACD Systems
[2010/12/06 00:40:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Anarchy
[2012/10/28 17:43:25 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Azureus
[2013/03/16 00:40:48 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent
[2013/03/16 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Chikka Messenger
[2012/06/16 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\eBookPro6
[2011/04/02 11:41:57 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FOG Downloader
[2012/10/08 02:08:46 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FrostWire
[2012/05/07 00:16:39 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Gamelab
[2012/04/02 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GarenaPlus
[2011/01/07 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Kalydo
[2012/03/14 11:26:14 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LimeWire
[2013/03/16 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\mjusbsp
[2011/09/21 08:56:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Moyea
[2011/05/20 00:17:08 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ooVoo Details
[2011/02/04 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PhotoScape
[2011/01/11 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PlayFirst
[2010/11/17 12:04:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Raptr
[2012/12/15 18:19:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\RCKR
[2010/07/25 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SoftGrid Client
[2012/03/16 11:12:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SPSSInc
[2010/07/09 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Template
[2010/12/14 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Tific
[2010/06/29 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TP
[2010/09/05 08:02:36 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Uniblue
[2012/10/28 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Unity
[2012/10/08 02:10:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/03/19 18:57:12 | 000,000,000 | --SD | M] -- C:\Users\Josh\AppData\Roaming\Virtual CD v10
[2010/11/19 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\VirtualStore
[2012/10/28 17:11:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WildTangent
[2010/06/27 03:08:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WinBatch
[2010/06/26 11:15:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/03/19 19:06:20 | 000,000,358 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/03/19 19:08:22 | 000,071,502 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/03/16 18:21:40 | 000,030,495 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 09:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/06/27 03:15:58 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2008/04/11 09:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/03/20 11:10:28 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/11 09:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 07:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 07:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 07:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 07:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 07:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 07:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 09:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 07:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/02 15:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/03/20 11:10:32 | 4025,737,216 | -HS- | M] () -- C:\pagefile.sys
[2008/04/11 09:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012/10/28 17:11:22 | 000,002,029 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
[2011/01/14 07:05:50 | 000,002,304 | ---- | M] () -- C:\{05F70BC3-BBED-4BA3-87BC-8DC6C642C01D}
[2013/01/28 11:53:36 | 000,003,992 | ---- | M] () -- C:\{6109F55B-E6DA-431D-9E1B-EDBF016524A2}
[2011/01/11 23:07:53 | 000,002,280 | ---- | M] () -- C:\{707A4D8B-A010-4D09-B541-B4AC05F8AC1D}
[2010/12/22 18:56:07 | 000,002,256 | ---- | M] () -- C:\{FC037349-E825-4724-901F-06D019F8BB75}
 
< %systemroot%\Fonts\*.com >
[2009/07/14 13:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 13:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 13:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 13:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 04:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2009/07/11 04:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2012/03/08 02:25:56 | 000,001,622 | -HS- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/14 12:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/10/28 17:10:47 | 000,000,304 | -HS- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/02/03 18:22:54 | 4151,664,563 | ---- | M] (Gravity) -- C:\Users\Josh\Desktop\Ragnarok2_ver1.3.exe
[2010/09/05 08:11:21 | 002,486,137 | ---- | M] (Internet Marketing Center) -- C:\Users\Josh\Desktop\thejumpmanual.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4A74A9A7
 
< End of report >


#7 appleliao

Posted 19 March 2013 - 10:38 PM

OTL Extras logfile created on: 3/20/2013 11:16:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Josh\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 62.12% Memory free
7.50 Gb Paging File | 5.77 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.16 Gb Total Space | 172.26 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
Drive D: | 12.38 Gb Total Space | 1.74 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
Drive G: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 17.59 Mb Total Space | 17.26 Mb Free Space | 98.10% Space Free | Partition Type: FAT
 
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00006399-9AA9-4F43-859D-781EA954C5DC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0187E8D7-30BC-4DA9-886F-76AE1D23E485}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0D50B8EA-932F-488A-9149-D0AC4FBC2B65}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{160FF9AA-8BEF-4FB1-B364-4EDB9B5A6DCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B307356-011C-4448-915B-634B1FD57423}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2170F2B4-A90E-4878-AF50-682B6D176B7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{234D5911-080B-4371-80DE-C1B2E0092F5F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{429CAF8A-FFE3-4941-8613-C965DD5978B7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{43C70D28-C324-4EF9-926F-24B62E252453}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{55DA71D3-21AE-4F66-B707-9FDA0130E778}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{568D7494-7133-4E9E-B9E6-635738A461CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E093DD3-F350-4B50-ADA2-59C3F26343CC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5F8C41CD-C89E-4359-8E87-AD2313F671ED}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{61656EAB-EF70-439A-9804-38D2F000905E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62C68229-9D2F-4311-AF20-D56E8C95D68A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62D24D50-2DB8-4575-9FE0-D481FF0DA0BE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{68131E92-425E-4C12-B72B-7208B84EA23C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{688457B0-4ABD-44E4-A8ED-765D260CB25B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{794A3280-8F7C-4441-8E58-9A5F2DBDB04C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79FC3FBF-873C-48DD-A9A1-FA665E12BB42}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7AD5FD54-B73A-4BF7-A592-BC061886A6EB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7EB3E866-1E68-4656-A09C-E9A70AC22F32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{801432CB-41B8-46C5-A73C-9E5626ABB4EF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{81637C4C-505D-4740-BD1C-88E55B216D59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84CE029D-FDC0-4EE8-83CC-BA8E127E44A3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{85CCD79A-8391-46D9-837A-88D47E827602}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{88378EA1-46E5-410D-B601-33085BA2BA87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C59C386-7E12-460A-A754-472A0E689297}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{91C9311C-6CF8-4F05-A5BD-04464FE7BAC0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{966D4CDE-945E-44BA-999B-2CA6457074DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{98853A3E-44F0-4B1E-BB66-9F7EFFCACF38}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{994EED84-042A-4388-8A04-E7E3E82911C3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{A3C63F1C-87CD-4A71-9310-0185901C158D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A6B20948-9A43-4645-80A8-781EBB80A33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A9AF548C-E8D7-4513-BE18-5F2E4D451964}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ACAC6CC7-741A-4AF0-B54A-E83FB79065A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF1EDF59-2ADA-4FA9-9FDF-E7DC518D083E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7A09FBA-1399-4411-B9C4-9638922A9B5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C577323D-EB83-45C8-8E00-3AD9BA3DDBD1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C9DE477A-A31B-4717-97D2-321F0D15191A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CD227DFC-300C-49FD-8F64-BD2755078AD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3735D29-41B9-48C1-A749-F17D732221B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E105A778-BA00-44B0-9068-3AB26D9830C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E43711BE-91A2-4A7C-AC14-FBDA1D1116F9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E726C3A4-5EA9-4DF2-8D09-E2112BA17DC9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EC344CC1-643E-49B2-922A-59A505734E09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED268884-F938-4395-BBE8-622D5D29F203}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F36E6E67-8D4B-45D1-8AAE-62FA7530E259}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE44323E-0AEF-4313-9E1F-9234C6614F29}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | 
"{FF067AC9-672E-4219-A84D-24E341397DDE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07324F49-8305-4273-83CC-FAE738FCE0D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{07331A99-5CC8-4216-BCFA-81C35D125490}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0B9D774B-51E3-41AA-8737-1DF076AF0F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{111BC017-B93E-4B27-A0C6-B9B952B78578}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14363F0D-3381-4205-B22A-8362D7E3FF25}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{15EB9F22-805B-4637-853B-AEABA160267D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{192E37F8-6A79-4216-BC21-BBD323C0B204}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{1F463CDE-77F6-4103-80AD-AADF8542750C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{237BF2DF-D0B2-4E14-9D1A-05A741FFEE25}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{26BFED21-CF39-4B3B-B553-DBAF10D1DB46}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{29FB3931-4D1A-4C89-9EB0-0E1DF03898F1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{2EC0519C-ECC3-4428-9931-2C7968FD6613}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{2EF19C0E-9E13-4424-9CA7-AA290FFB9B13}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{305F9451-0BB8-4B22-AB51-0CEA300A6092}" = dir=in | app=c:\users\josh\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{348E8630-7235-4E76-A29E-23C94D1D75A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{3B8D86FF-5B88-4309-A228-276996832B81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{408A5FF1-7C1C-4BDE-9049-3D77415CD222}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{40D4A9A1-DB2A-40A2-8DA6-7FBBD8DC08B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{49F959E3-FC28-4145-AACC-FABD4360AEFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{4B0D712B-43B5-4B07-9873-C9A79BCBD197}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4BCF167B-D4FB-47FD-AC78-A5F16A1A22B1}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{4C7A3009-A6BE-4621-A5EF-DF7A1638C3EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4F498A1B-BE21-4AC3-B969-61E096065601}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{52ED8650-D289-4F00-BB29-E4B26E1227A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{546CE7E9-0208-43E9-8807-E606CC5464CF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{569779F2-B6C2-4DD8-8919-BD4A3C3A4F1B}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{59C95732-927B-472C-A573-368231D48B63}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5ADED62A-AA8F-4CD8-A09B-EEC791857F8B}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{5B43CF21-7BFA-4906-A45A-02E6619032DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{5BF8F2E4-1F94-4305-B833-37646685C9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5CAB3484-DF41-41CA-B7AE-60667F1EA986}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{60D2243C-6C3B-4FAB-93D9-1FBC2C415F1E}" = protocol=6 | dir=out | app=system | 
"{65DE3692-DDBF-4411-AA12-C8BF5190A4E4}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe | 
"{65E4B60F-7B00-4731-9F14-3D853C41BE5E}" = protocol=17 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe | 
"{66C98783-18E4-4211-9D19-7B5CA64C7580}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{675F4F03-8323-464C-AEBA-25D962274A65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6AC84CFE-B4AE-452E-A410-3C000B4BBFB0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{6C065D2E-6793-4F0F-AE25-FE3F0BBFEDD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6C9CD825-CF9D-4761-9F58-B32B261BCED7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{6D5CD895-5890-4EC7-8507-2F16E8EF9C86}" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe | 
"{6D6E285F-B28C-4B7D-ACC0-A3F41A130F3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{6DB27241-D4A4-4339-A479-8913BC74DB2B}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{6E8FA7D5-C065-4091-8F93-060092340726}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6EBC37C8-7D32-4685-9313-70C7DAEA89B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6FD7BD67-0D76-4301-844A-3BE2F6EF68B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7398AE56-729D-47A8-8206-1C5ED9F116C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{749952CA-24DD-40B1-9627-49C3281A3B6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{749EE3F1-8A06-4283-9A70-18402ABA3F77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7822E3DF-205A-4A6B-9C1F-03FBA2FC9F2B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{799BB079-5980-4F8C-B57F-EB0005C2CCB6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7AF85837-0A11-45E1-B6B0-2F02CD24F70F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{7E5246A3-D609-4516-93D8-2DAC94421B8D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8175DA7A-EBCB-4054-A93F-A01D58D91E50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87995C35-6B80-486C-AF02-F79ED381308E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{8A6568BB-3F37-404A-AA11-D05909798B27}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{8BE241EA-074E-403B-BB93-068C1F432261}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{98B329D1-B59C-42FF-BFC2-7DBFD4BB64E1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{991520E2-9B41-4B8E-8760-2EBFD87E7220}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D94C42B-BE8C-4D13-926B-CE925BEB3860}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{9F60F47A-CB9C-4B11-84BA-C0F96D2667D0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A01A097F-AA58-4665-BAB7-416217F5D14D}" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe | 
"{A7037573-FCD9-4DAB-A507-8564C0186FBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{A82E6DE7-9850-4726-BE24-ACC8FE61A476}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{ACC21A75-C2FE-44D5-8099-47E2C06D2427}" = protocol=17 | dir=in | app=e:\install\qrswizard.exe | 
"{ACFCC8E5-ED98-4CED-841C-C6F8EC1B8584}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{ADA5CAB2-7229-4CA5-B7F7-84D14007622D}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{ADC1068D-AABA-47C9-B854-F3C4EF92FE81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{B19948B0-F374-4ADB-A954-AA2B74A73452}" = protocol=6 | dir=in | app=e:\install\qrswizard.exe | 
"{B6A27EE6-8A6D-409F-BA8E-A799858225F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BDD93FC3-1C9B-4DEE-A265-EDB741B0D940}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BDDAB7E7-BE32-42AC-967F-E6F92D38F7C2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BDF0EF24-4B84-41E5-890B-3C3952E292E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{BE24915A-EE4E-42A8-B8B9-C8C0796915C6}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{BF20DB8B-8944-4DFD-9299-7B09370FFA4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{C22C8CFA-7E57-4B83-B98E-2238711616BD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{C28E42D2-BCA3-4A4A-BA4A-7E66426CA8FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{C3615F64-F741-4231-9C39-0BBBF69FF3B5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C4E79292-770F-41ED-9BDB-BC90CB354736}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{C55679FF-0C0E-4A27-B2E9-8E8412767E98}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{C823A9D0-3D4E-4363-8D53-2CE98E16F90C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D2E63AB8-CF58-415D-B4B9-AC0B951F2E21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D773E68C-CA8B-4A75-8E16-CCDA3D9073B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{DC794033-3E2E-4904-90BA-BFC678A4EB41}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{DE387AEB-5025-4EDD-A63C-15D82DA07B73}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DEC8B5AA-57CA-424F-87AA-4DC4C8BB2673}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{DF0FC037-65B1-4D41-9A96-1A0A3C85B6E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E073CAB2-A765-4E98-9EC1-F77810353595}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{E0E9030E-69CB-49EA-8C75-5D9FAB03F46F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{E1CB409B-5F32-42C0-8594-64291B57B801}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{E3BB1AB0-1376-4C9F-B481-D8D4728681BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E52E0C37-4F2B-43C6-AF3C-8464E1E46BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E5E01DA3-5C7A-4F0A-BABD-48B1E23599EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED4EA0FF-D769-41C3-BBFC-E15BDC1D049C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EF6873B6-CEBA-4426-9569-473155418433}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{EFB14E48-5AA0-4021-BC64-6548576C7CCC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{F12B9F85-2D4E-4A5F-964E-685673946CE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2E3FE9C-FCDD-4D9D-BC1D-A2F450F7431C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F4F98767-B84B-4FB2-B43B-C0B016C42DE6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F58CAF15-B4D5-4BA3-856A-82530F563514}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{F6C931EF-1400-467B-8884-D4583EFFC43A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{F8802E29-672A-4E3C-AFB9-C5A9A78E1E22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{FA304772-4ECD-499A-B906-4ADA07B416DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD3A3937-AD26-416B-AD9B-6FD314E7C8B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"TCP Query User{03CD64AC-1708-4AA0-A8CA-FA6108F73C70}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{08AA7EA8-3558-418C-9ED0-72A2B2ADE1E1}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{128E98CF-9762-497C-A14B-B7DB62175B8C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{144DA768-4443-490B-8C36-2C2C239D582B}C:\users\josh\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\josh\program files (x86)\dna\btdna.exe | 
"TCP Query User{245FE22E-D6C1-4E52-859A-4248F0A30FE3}C:\users\josh\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3C802F3A-0D94-40B7-8B47-265BC95981CA}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{50AE70EE-DC5B-4176-953D-2AE14B5CD208}C:\users\josh\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\josh\program files (x86)\dna\btdna.exe | 
"TCP Query User{53FCCC2D-120F-4BBB-BCA4-E7CBE690BDD5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{5C6DFF29-D3B6-45EE-B831-9C7B8CB272C7}C:\program files (x86)\gameclub\philippines\specialforce\specialforce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameclub\philippines\specialforce\specialforce.exe | 
"TCP Query User{6E92B418-1BBF-4BB9-AF07-D84124A79F67}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{8C16303F-936B-45DA-BF95-1C3F23573F43}C:\users\josh\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\josh\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{9D5DF0D7-4441-4E91-B592-1905A2057850}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"TCP Query User{B510A804-A258-4918-BB86-7A7E78C8B9AC}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{B60619F7-0BF3-4E30-A3B3-6E9779BD71B6}C:\users\josh\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\josh\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{C1F20410-4D34-441A-8179-D86B2E4FD6ED}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{C559CC99-D4B9-45FA-9200-9B44354F6719}C:\program files (x86)\softnyxgame\gunboundis\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\softnyxgame\gunboundis\gunbound.gme | 
"TCP Query User{D71D59E1-0E80-4FE0-BFEC-93E276441585}C:\users\josh\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\josh\desktop\warcraft iii\war3.exe | 
"TCP Query User{F2CFA9FC-2C1F-4C14-B1B9-1B49CD54F1A3}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"TCP Query User{FA758B4F-9E5F-4630-9B0F-715A45AAD760}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"UDP Query User{23531213-DBB0-487E-8414-9D3949153B65}C:\users\josh\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\josh\program files (x86)\dna\btdna.exe | 
"UDP Query User{2C867BA2-7E4A-4F8C-AF4D-1D92BCAA8EB2}C:\users\josh\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\josh\desktop\warcraft iii\war3.exe | 
"UDP Query User{37227DCE-25E7-4F78-B6C1-5A1D53356BFF}C:\users\josh\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3D10B9E5-24AA-486B-917E-B818241652AB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{3F873632-625E-4DEF-A91E-96A1E1500486}C:\users\josh\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\josh\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{51680CDD-4995-4047-8FD6-A96B90BA4D2C}C:\program files (x86)\softnyxgame\gunboundis\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\softnyxgame\gunboundis\gunbound.gme | 
"UDP Query User{59DA6DC2-94A5-4DB6-BC61-EE0281A305DD}C:\program files (x86)\gameclub\philippines\specialforce\specialforce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameclub\philippines\specialforce\specialforce.exe | 
"UDP Query User{6732F5AC-50D4-43DB-89D4-361E17655FA9}C:\users\josh\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\josh\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{7F116E5D-E41E-49FC-85A2-0B3F8535E865}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{83C401A9-F24F-4262-A9FE-9B87D91B05C1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{94E407C5-33CF-4BCB-8DE9-192C8DE34A48}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"UDP Query User{B6F778DA-5364-42FE-82F2-3D5D07B8E6E1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{BB01DDF7-8BCC-430C-AE8B-A57B9758CA12}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{D6390494-99F4-453E-B3CA-7646029728D1}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"UDP Query User{DED10A6C-8576-4629-898C-9B594BC2A1AA}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{E34A1626-A715-4AB9-BD62-3FF594C36D76}C:\users\josh\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\josh\program files (x86)\dna\btdna.exe | 
"UDP Query User{E5EFD1DC-929E-4BDB-B879-AA6D92B3404C}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{E60E5C75-A249-4F35-A463-672EB8E8351F}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{F4F4BE7A-2065-4719-81C4-360E22826F74}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{3BE67F40-8872-4F43-8CC9-6762E204D9AA}" = FastPictureViewer 1.2 (64-bit)
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E79651C-E924-4EB6-BBC5-4204988973FC}" = DjVu Shell Extension Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B904D0AE-C4D8-4808-AEB9-FAFCC9F6EB1B}_is1" = IAHGames Player 2.03.2116
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"EPSON ME 32 Series" = EPSON ME 32 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
"{053BC793-EB2F-48B6-AB61-6B76CCCCB041}" = HP TouchSmart Clock
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
"{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}" = YTD Toolbar v7.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2DBE7159-9081-4DDB-B8DB-31692A41008F}" = HP TouchSmart Notes
"{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{35E68F63-DFF2-4146-90E8-58C211CE74E7}_is1" = Cake Mania
"{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B0A62A4-FA3A-4112-A20E-0CC27D7B0B3D}_is1" = Moyea PPT to PDF Converter version 1.2.0.8
"{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C6A9286-2A4B-43DF-A322-01ABFFDCD248}" = Ragnarok Online2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{424CECC6-CEB1-4A5F-9A42-ADE64F035DEB}" = HP TouchSmart
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44F61424-3998-4203-A1B5-A64E7E12B1D4}_is1" = Lemonade Tycoon 2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7AE408-7846-4D13-81F7-D4447A994DBA}" = Calendar
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F12B024-2681-4080-9B24-918D04A8E609}" = HP TouchSmart Canvas
"{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
"{6295D2D0-11CB-48F6-A2CF-0E2917A17369}" = HP TouchSmart Calendar
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71310D9B-7555-44FE-914C-A1B55CB7BC5D}" = Scrapbook
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
"{84E226BE-DA00-4417-98D7-96BA49E7060B}" = HP TouchSmart RecipeBox
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
"{92E64C51-5096-442F-9A44-61CB2941391D}" = ACDSee 4.0 PowerPack Suite
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{ABB2A845-DD44-4147-95CD-6C18271E5EC2}" = HP TouchSmart Tutorials
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{AE8C4181-26D7-4E92-A6EF-81BB2A8E0230}" = HP TouchSmart Twitter
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBD9FAD7-F782-4548-B00F-E612322950F6}" = GameClub Launcher (Remove only)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
"{BF6B7982-9189-4765-9DD3-039CE6D69C0C}" = Buttons & OSDs control application gen3
"{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C867F57B-39C1-4341-A164-F569839BCCBF}" = Cards
"{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
"{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
"{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
"{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
"{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"{FBDFCC44-C87A-41E4-BB0D-587AF3300544}" = X-Lite 4
"{FD011F34-749C-47E0-BA48-6009412C4789}" = ArcSoft Print Creations
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4shared Desktop" = 4shared Desktop
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Atlas Of Histology" = Atlas Of Histology
"BitTorrent" = BitTorrent
"Coffee Rush 2 1.00" = Coffee Rush 2 1.00
"Cooking Dash 2- DinerTown Studios ." = Cooking Dash 2- DinerTown Studios .
"Cooking Dash 3 Thrills and Spills Collectors Edition 1.00" = Cooking Dash 3 Thrills and Spills Collectors Edition 1.00
"DivX Setup" = DivX Setup
"EPSON ME 32 Series Manual" = EPSON ME 32 Series Manual
"Family Feud™" = Family Feud™ (remove only)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Garena" = Garena 2010
"Globe Broadband Click Fix_is1" = Globe Broadband Click Fix
"GunboundIS_is1" = GunboundIS
"GunboundS2_is1" = GunboundS2
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"iConcepts Webcam Manager" = iConcepts Webcam Manager
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"iWinArcade" = iWin Games (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoScape" = PhotoScape
"Pizza Frenzy_is1" = Pizza Frenzy
"RanOnline" = Ran Online PH 7.0.845.0
"RealPlayer 15.0" = RealPlayer
"SpecialForce" = Special Force(Remove only)
"TVUPlayer" = TVUPlayer 2.5.3.1
"uBook" = µBook 0.9g
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Warcraft III Reign of Chaos & The Frozen Throne" = Warcraft III Reign of Chaos & The Frozen Throne
"Wedding Dash 4 Ever 1.00" = Wedding Dash 4 Ever 1.00
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT011564" = Polar Bowler
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"KalydoPlayer" = Kalydo Player 3.08.01
"magicJack" = magicJack
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/18/2013 2:24:30 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/18/2013 2:24:30 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/18/2013 10:32:17 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/18/2013 10:32:17 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/18/2013 10:32:46 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/18/2013 10:32:46 PM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/19/2013 1:07:01 AM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/19/2013 1:07:01 AM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/19/2013 1:07:29 AM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/19/2013 1:07:29 AM | Computer Name = Josh-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 3/19/2013 3:39:54 PM | Computer Name = Josh-PC | Source = Application Hang | ID = 1002
Description = The program HPDVDSmart.exe version 3.1.1.3317 stopped interacting 
with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e70    Start
 Time: 01ce24d5744cc860    Termination Time: 14    Application Path: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
 
Report
 Id: bfacb83e-90cc-11e2-bd5b-7071bc1d15a8  
 
[ Hewlett-Packard Events ]
Error - 2/20/2013 1:23:46 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:26:19 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:28:56 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:31:15 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:33:56 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:36:29 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:41:32 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/20/2013 1:42:01 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 2/27/2013 12:09:02 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3839
Ram
 Utilization: 70  TargetSite: Void addTempSession()  
 
Error - 3/6/2013 12:10:57 AM | Computer Name = Josh-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3839
Ram
 Utilization: 40  TargetSite: Void addTempSession()  
 
[ Media Center Events ]
Error - 10/7/2012 9:50:00 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 539
Description = 
 
Error - 10/7/2012 9:51:40 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 9:52:42 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 9:54:48 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 9:58:18 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 9:59:39 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 10:00:32 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 10/7/2012 10:05:39 PM | Computer Name = Josh-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
[ System Events ]
Error - 3/18/2013 12:38:37 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
 error:   %%1053
 
Error - 3/18/2013 12:39:16 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
 Shadow Copy service to connect.
 
Error - 3/18/2013 12:39:16 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
 error:   %%1053
 
Error - 3/18/2013 12:39:57 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
 Shadow Copy service to connect.
 
Error - 3/18/2013 12:40:01 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
 error:   %%1053
 
Error - 3/18/2013 12:40:44 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
 Shadow Copy service to connect.
 
Error - 3/18/2013 12:40:50 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
 error:   %%1053
 
Error - 3/18/2013 9:56:04 PM | Computer Name = Josh-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 3/19/2013 3:59:48 AM | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 3/19/2013 11:11:35 PM | Computer Name = Josh-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >


#8 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts

Posted 19 March 2013 - 10:41 PM

Nothing happened when I tried to click on the DDS download button. Those are the reports of the OTL scan; I hope I did it correctly. Thanks!



#9 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts

Posted 20 March 2013 - 12:42 AM

Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :

:Processes

:OTL
SRV - [2010/09/03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/12/15 15:32:45 | 000,000,000 | ---D | M]
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4A74A9A7

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer

Please post the OTL log.
 

 



#10 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts

Posted 22 March 2013 - 08:02 PM

OTL logfile created on: 3/23/2013 1:29:49 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Josh\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 66.71% Memory free
7.50 Gb Paging File | 5.51 Gb Available in Paging File | 73.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.16 Gb Total Space | 167.48 Gb Free Space | 24.41% Space Free | Partition Type: NTFS
Drive D: | 12.38 Gb Total Space | 1.74 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
 
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/20 11:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/10/26 15:01:45 | 001,398,680 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/10/10 03:00:24 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/24 15:50:54 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2009/10/23 10:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/11 10:39:54 | 000,025,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/09/11 10:37:08 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 16:28:24 | 000,200,384 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Globe Telecom\Click Fix\bin\sprtsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/20 16:17:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/20 16:16:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/03 03:27:09 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/02/03 01:02:50 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/02/03 00:54:10 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/02/03 00:44:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/02/03 00:36:34 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\284f81850cf194b71156025b06e74e06\ReachFramework.ni.dll
MOD - [2013/02/03 00:36:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/03 00:36:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/02/03 00:29:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/03 00:26:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/03 00:24:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/03 00:06:48 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/03 00:06:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/23 10:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/02/03 04:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/14 22:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 22:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/07/15 21:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/03/19 10:44:34 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 12:36:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/14 14:55:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/13 07:22:05 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/09/14 00:35:23 | 004,234,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/09/03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 15:50:54 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2009/09/11 10:37:08 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/21 16:28:24 | 000,200,384 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Globe Telecom\Click Fix\bin\sprtsvc.exe -- (sprtsvc_globe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/14 14:55:12 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/01/14 14:55:12 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/14 14:55:12 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/28 14:28:28 | 000,027,848 | ---- | M] (RSJ Software GmbH) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproiah.sys -- (vproiah)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/10 13:10:08 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
DRV:64bit: - [2010/02/05 14:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 14:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/02/03 04:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/03 04:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 03:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/09/17 17:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 17:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/08/21 08:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 10:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009/06/22 23:01:26 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 22:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/06/09 19:41:31 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/33
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8C94053-E7E0-4971-896D-7A88AA6AFCA6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E110C716-A549-4EC7-94DF-26F0D256D6A9}: "URL" = http://fl.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKCU\..\SearchScopes\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: SearchToolbar@skywebsearch.com:3.8
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54}:3.3.3.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/03/04 16:00:13 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@iahgames.com/prodown: C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll (RSJ Software GmbH)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/03/04 16:00:13 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.08.01: C:\Users\Josh\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Josh\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/08 16:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/12/15 15:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 03:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/13 03:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 03:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/03/16 19:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/03/16 19:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/03/16 19:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 12:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 12:36:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/08 16:54:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SearchToolbar@skywebsearch.com: C:\Program Files (x86)\SaveTubeVideo.com\SaveTubeVideo\FF
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 12:36:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 12:36:45 | 000,000,000 | ---D | M]
 
[2010/06/29 22:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2010/06/29 22:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/03/19 19:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions
[2013/03/01 22:12:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/24 20:13:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/14 12:51:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\firefox@tvunetworks.com
[2013/01/23 19:54:52 | 000,005,958 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\4sharedCopyLinks.xpi
[2013/02/01 20:53:11 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\OneClickDownload@OneClickDownload.com.xpi
[2013/02/24 20:13:25 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\plugin@yontoo.com.xpi
[2012/12/14 02:07:43 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/03/08 12:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 12:36:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/03 15:42:19 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2013/03/08 12:36:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/12/18 01:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2012/10/10 03:00:34 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2013/01/09 13:07:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/28 12:42:58 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: IAHGames (Enabled) = C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Josh\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Josh\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Josh\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.23.1_0\
CHR - Extension: YouTube = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Fast save = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokofgddojnaobbleoaobajhafnhmfb\1.1_0\
CHR - Extension: Virtual Keyboard = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/03/16 18:11:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Josh\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [EPSON ME 32 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEC.EXE /FU "C:\Users\Josh\AppData\Local\Temp\E_S1EF5.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8:64bit: - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games.com.ph/com/EGamesPlugin.cab (EGamesPlugin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F843ED-BB66-4D40-89CB-BA04DF7BB600}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA7634BD-5912-4500-A45B-10D578EB523B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/22 23:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/22 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\New folder
[2013/03/21 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Facebook_files
[2013/03/21 14:20:30 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Macromedia
[2013/03/21 11:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN
[2013/03/20 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Woodcrest Residences   Cebu Home_files
[2013/03/20 13:58:44 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/03/19 10:01:15 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/18 11:33:26 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\finals by subject
[2013/03/17 12:33:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/17 12:33:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/17 12:33:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/17 12:33:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/17 12:33:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/17 12:33:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/17 12:33:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/17 12:33:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/17 12:33:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/17 12:33:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/17 12:33:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/17 12:33:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/17 12:33:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/17 12:32:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/17 12:32:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/17 12:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/17 12:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/17 12:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/16 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/03/16 19:37:54 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/03/16 19:36:27 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/03/16 19:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/03/16 19:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/03/16 19:35:59 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/03/16 19:35:59 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/03/16 18:11:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/16 17:51:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/16 17:51:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/16 17:51:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/16 17:26:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/16 17:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/03/16 15:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2013/03/15 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\GOT 2
[2013/03/15 12:18:06 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\PE Day
[2013/03/14 22:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/14 22:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/13 00:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/03/12 23:46:14 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/12 23:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/12 23:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/12 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Malwarebytes
[2013/03/12 16:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/12 16:54:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/12 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/12 16:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/08 12:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 02:11:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\camille
[2013/03/04 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Best of you tube
[2013/03/03 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2013/03/03 14:00:44 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\game of thrones
[2013/03/03 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\Josh\Arrow S01E15 480p HDTV x264 [VectoR]
[2013/03/03 02:09:32 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\4shared Desktop
[2013/03/03 02:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools
[2013/03/03 02:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013/03/03 02:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4shared Desktop
[2013/03/03 02:04:24 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Music Of The Night Mp3 Download_files
[2013/02/27 22:22:57 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Warm.Bodies.2013.HDCAM.XviD.READNFO-THC
[2013/02/27 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Gangster Squad 2013 R6 HDRip.XviD.Feel-Free
[2013/02/27 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\CHD7 ANNUAL 2011
[2013/02/26 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Josh\The Walking Dead S03E11 HDTV x264-2HD[ettv]
[2013/02/23 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Josh\Naked Weapon 2002 DVDRip [Eng-Hin] [Accipiter]
[2013/02/21 20:30:16 | 000,027,456 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys
[2013/02/21 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/02/21 20:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/02/21 20:25:32 | 000,000,000 | ---D | C] -- C:\swsetup
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/23 01:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 00:56:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2013/03/23 00:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/22 23:49:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2013/03/22 23:35:33 | 001,313,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/22 23:35:33 | 000,449,528 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/22 23:35:33 | 000,005,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/22 23:28:56 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 21:54:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/22 18:40:01 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Josh.job
[2013/03/22 17:59:08 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Josh.job
[2013/03/22 17:40:22 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 17:40:22 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 17:31:57 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Josh.job
[2013/03/22 17:31:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/22 17:31:39 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/03/22 17:31:21 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/22 12:34:06 | 001,121,497 | ---- | M] () -- C:\Users\Josh\Desktop\jogz1.png2.png3.png
[2013/03/22 12:33:58 | 001,121,497 | ---- | M] () -- C:\Users\Josh\Desktop\jogz1.png2.png
[2013/03/22 12:21:16 | 001,209,061 | ---- | M] () -- C:\Users\Josh\Desktop\jogz1.png
[2013/03/22 08:49:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2013/03/22 08:26:14 | 000,146,339 | ---- | M] () -- C:\Users\Josh\Desktop\appleid.jpg
[2013/03/21 14:31:08 | 001,218,562 | ---- | M] () -- C:\Users\Josh\Desktop\Facebook.htm
[2013/03/21 12:52:48 | 000,001,326 | ---- | M] () -- C:\Users\Josh\Desktop\Norton Installation Files.lnk
[2013/03/21 10:56:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2013/03/21 03:00:32 | 000,482,010 | ---- | M] () -- C:\Users\Josh\Desktop\easter_bunny_by_darrachese-d5n0wz2.png
[2013/03/20 18:46:18 | 000,038,811 | ---- | M] () -- C:\Users\Josh\Desktop\Woodcrest Residences   Cebu Home.htm
[2013/03/20 18:22:39 | 000,112,257 | ---- | M] () -- C:\Users\Josh\Desktop\434.jpg
[2013/03/20 18:22:25 | 000,095,937 | ---- | M] () -- C:\Users\Josh\Desktop\438.jpg
[2013/03/20 18:22:08 | 000,108,982 | ---- | M] () -- C:\Users\Josh\Desktop\Slide117.jpg
[2013/03/20 16:22:22 | 000,221,019 | ---- | M] () -- C:\Users\Josh\Desktop\nso.png
[2013/03/19 10:44:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/19 10:44:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/16 19:42:18 | 000,052,472 | ---- | M] () -- C:\Users\Josh\Desktop\542728_630679690290830_537156120_n.jpg
[2013/03/16 19:37:55 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/03/16 18:44:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/16 18:11:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/16 15:12:41 | 000,000,991 | ---- | M] () -- C:\Users\Josh\Desktop\magicJack.lnk
[2013/03/14 22:57:41 | 000,053,267 | ---- | M] () -- C:\Users\Josh\Desktop\420304_189100881201101_818329349_n.jpg
[2013/03/12 20:42:10 | 000,066,146 | ---- | M] () -- C:\Users\Josh\Desktop\156027_10200187907293601_2023397190_n.jpg
[2013/03/12 16:54:15 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/11 17:02:57 | 000,115,775 | ---- | M] () -- C:\Users\Josh\Desktop\74305_2656860797446_1964560268_n.jpg
[2013/03/08 12:56:32 | 000,002,046 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/07 10:05:51 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJosh.job
[2013/03/07 07:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/03/04 05:22:38 | 270,678,625 | ---- | M] () -- C:\Users\Josh\Arrow.S01E16.HDTV.x264-LOL.mp4
[2013/03/04 04:40:56 | 327,679,534 | ---- | M] () -- C:\Users\Josh\Arrow.S01E14.HDTV.x264-LOL.mp4
[2013/03/04 03:37:15 | 000,001,256 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/03 21:30:47 | 011,725,316 | ---- | M] () -- C:\Users\Josh\Desktop\The Phantom of the Opera - 2004 Movie Soundtrack - 13. All I Ask of You.mp3
[2013/03/03 17:57:42 | 290,159,477 | ---- | M] () -- C:\Users\Josh\Arrow.S01E12.HDTV.x264-LOL.[VTV].mp4
[2013/03/03 17:18:52 | 316,393,472 | ---- | M] () -- C:\Users\Josh\Arrow.S01E13.SweSub.HDTV.x264.REPACK-LOL.avi
[2013/03/03 02:09:30 | 000,001,939 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2013/03/03 02:08:35 | 000,001,903 | ---- | M] () -- C:\Users\Josh\Desktop\4shared Desktop.lnk
[2013/03/02 23:04:02 | 000,587,385 | ---- | M] () -- C:\Users\Josh\Desktop\Untitled.png
[2013/02/28 10:00:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/02/22 18:33:54 | 223,617,781 | ---- | M] () -- C:\Users\Josh\The.Vampire.Diaries.S04E15.HDTV.x264-LOL.mp4
[2013/02/21 20:29:20 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
 
========== Files Created - No Company Name ==========
 
[2013/03/22 23:28:56 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/22 12:34:05 | 001,121,497 | ---- | C] () -- C:\Users\Josh\Desktop\jogz1.png2.png3.png
[2013/03/22 12:22:13 | 001,121,497 | ---- | C] () -- C:\Users\Josh\Desktop\jogz1.png2.png
[2013/03/22 08:25:14 | 000,146,339 | ---- | C] () -- C:\Users\Josh\Desktop\appleid.jpg
[2013/03/21 14:31:08 | 001,218,562 | ---- | C] () -- C:\Users\Josh\Desktop\Facebook.htm
[2013/03/21 03:00:31 | 000,482,010 | ---- | C] () -- C:\Users\Josh\Desktop\easter_bunny_by_darrachese-d5n0wz2.png
[2013/03/20 18:46:15 | 000,038,811 | ---- | C] () -- C:\Users\Josh\Desktop\Woodcrest Residences   Cebu Home.htm
[2013/03/20 18:38:04 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Josh.job
[2013/03/20 18:38:01 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Josh.job
[2013/03/20 18:38:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Josh.job
[2013/03/20 18:22:39 | 000,112,257 | ---- | C] () -- C:\Users\Josh\Desktop\434.jpg
[2013/03/20 18:22:22 | 000,095,937 | ---- | C] () -- C:\Users\Josh\Desktop\438.jpg
[2013/03/20 18:22:08 | 000,108,982 | ---- | C] () -- C:\Users\Josh\Desktop\Slide117.jpg
[2013/03/20 16:22:22 | 000,221,019 | ---- | C] () -- C:\Users\Josh\Desktop\nso.png
[2013/03/20 13:58:44 | 000,001,326 | ---- | C] () -- C:\Users\Josh\Desktop\Norton Installation Files.lnk
[2013/03/19 10:01:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/16 19:42:18 | 000,052,472 | ---- | C] () -- C:\Users\Josh\Desktop\542728_630679690290830_537156120_n.jpg
[2013/03/16 19:38:15 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/03/16 17:51:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/16 17:51:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/16 17:51:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/16 17:51:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/16 17:51:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/15 01:24:31 | 001,209,061 | ---- | C] () -- C:\Users\Josh\Desktop\jogz1.png
[2013/03/14 22:57:41 | 000,053,267 | ---- | C] () -- C:\Users\Josh\Desktop\420304_189100881201101_818329349_n.jpg
[2013/03/12 23:46:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/03/12 20:42:05 | 000,066,146 | ---- | C] () -- C:\Users\Josh\Desktop\156027_10200187907293601_2023397190_n.jpg
[2013/03/12 16:54:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/11 17:02:57 | 000,115,775 | ---- | C] () -- C:\Users\Josh\Desktop\74305_2656860797446_1964560268_n.jpg
[2013/03/04 03:37:15 | 000,001,256 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/03/03 21:28:44 | 011,725,316 | ---- | C] () -- C:\Users\Josh\Desktop\The Phantom of the Opera - 2004 Movie Soundtrack - 13. All I Ask of You.mp3
[2013/03/03 13:58:38 | 000,005,348 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/03 12:46:11 | 270,678,625 | ---- | C] () -- C:\Users\Josh\Arrow.S01E16.HDTV.x264-LOL.mp4
[2013/03/03 12:42:34 | 327,679,534 | ---- | C] () -- C:\Users\Josh\Arrow.S01E14.HDTV.x264-LOL.mp4
[2013/03/03 12:41:15 | 316,393,472 | ---- | C] () -- C:\Users\Josh\Arrow.S01E13.SweSub.HDTV.x264.REPACK-LOL.avi
[2013/03/03 12:37:58 | 290,159,477 | ---- | C] () -- C:\Users\Josh\Arrow.S01E12.HDTV.x264-LOL.[VTV].mp4
[2013/03/03 02:09:30 | 000,001,939 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2013/03/03 02:08:34 | 000,001,903 | ---- | C] () -- C:\Users\Josh\Desktop\4shared Desktop.lnk
[2013/03/02 23:04:01 | 000,587,385 | ---- | C] () -- C:\Users\Josh\Desktop\Untitled.png
[2013/02/27 22:22:09 | 1176,881,238 | ---- | C] () -- C:\Users\Josh\Desktop\Brave.2012.R5.DVDRip.XViD.LiNE-UNiQUE.avi
[2013/02/22 17:25:30 | 223,617,781 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E15.HDTV.x264-LOL.mp4
[2013/02/21 20:35:43 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJosh.job
[2013/02/21 20:29:20 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/02/19 00:13:38 | 304,005,106 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E13.HDTV.x264-ASAP.mp4
[2013/02/19 00:07:22 | 272,979,656 | ---- | C] () -- C:\Users\Josh\Revenge.S02E14.HDTV.x264-LOL.mp4
[2013/02/08 19:10:13 | 197,718,903 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E13.HDTV.x264-LOL.mp4
[2013/02/08 19:09:03 | 275,034,425 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E11.HDTV.x264-2HD.mp4
[2013/02/05 18:47:23 | 211,096,039 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E12.HDTV.x264-LOL.mp4
[2013/01/29 09:54:50 | 307,627,631 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E10.HDTV.x264-2HD.mp4
[2013/01/25 19:44:32 | 191,434,527 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E11.HDTV.x264-LOL.mp4
[2013/01/23 09:39:33 | 251,046,656 | ---- | C] () -- C:\Users\Josh\Revenge.S02E12.HDTV.x264-LOL.[VTV].mp4
[2013/01/23 09:38:15 | 249,281,843 | ---- | C] () -- C:\Users\Josh\Revenge.S02E11.HDTV.x264-LOL.[VTV].mp4
[2013/01/18 20:20:38 | 231,752,373 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E10.HDTV.x264-LOL.mp4
[2013/01/11 09:00:28 | 249,069,527 | ---- | C] () -- C:\Users\Josh\Revenge.S02E10.HDTV.x264-LOL.[VTV].mp4
[2012/12/21 10:53:31 | 342,629,827 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E08.HDTV.x264-ASAP.mp4
[2012/12/21 10:53:27 | 302,857,906 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E09.REPACK.HDTV.x264-2HD.mp4
[2012/12/07 14:12:18 | 296,077,500 | ---- | C] () -- C:\Users\Josh\Greys.Anatomy.S09E08.HDTV.x264-2HD.mp4
[2012/11/30 20:09:55 | 262,725,661 | ---- | C] () -- C:\Users\Josh\Greys.Anatomy.S09E07.HDTV.x264-LOL.mp4
[2012/11/30 18:20:39 | 273,332,010 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E07.HDTV.x264-ASAP.mp4
[2012/11/30 10:43:59 | 252,891,957 | ---- | C] () -- C:\Users\Josh\The.Vampire.Diaries.S04E07.HDTV.x264-LOL.mp4
[2012/11/27 17:42:34 | 280,532,320 | ---- | C] () -- C:\Users\Josh\Gossip.Girl.S06E07.HDTV.x264-LOL.[VTV].mp4
[2012/11/24 18:46:31 | 310,126,024 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E06.HDTV.x264-ASAP.mp4
[2012/11/24 18:46:23 | 326,109,227 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E05.HDTV.x264-ASAP.[VTV].mp4
[2012/11/24 18:45:22 | 300,911,843 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E04.HDTV.x264-ASAP.mp4
[2012/11/24 18:44:52 | 306,135,735 | ---- | C] () -- C:\Users\Josh\Beauty.and.the.Beast.2012.S01E03.HDTV.x264-ASAP.mp4
[2012/10/08 09:49:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/02 10:58:01 | 000,051,270 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\room_v3.dat
[2012/03/15 17:59:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/03/15 17:59:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012/03/15 11:56:18 | 000,000,041 | ---- | C] () -- C:\Users\Josh\dlmgr_.pro
[2012/03/14 16:47:06 | 000,000,012 | ---- | C] () -- C:\ProgramData\GEN3BrightnessLevel.INI
[2012/02/07 12:17:45 | 000,003,584 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 15:30:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/06 14:23:53 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Local\{54C6956D-0BD3-4E57-A236-3378D6B88228}
[2011/06/10 05:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz
[2011/06/10 05:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\Josh\AppData\Roaming\Instrument Library
[2011/06/10 05:47:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/06/10 05:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2011/06/10 05:41:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Services
[2011/06/10 05:41:25 | 000,000,268 | RH-- | C] () -- C:\Users\Josh\AppData\Roaming\InkjetPrinter
[2011/06/10 05:41:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/06/10 05:41:25 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2010/07/09 00:38:28 | 000,000,454 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/03 02:09:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\4shared Desktop
[2010/07/19 12:14:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ACD Systems
[2010/12/06 00:40:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Anarchy
[2012/10/28 17:43:25 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Azureus
[2013/03/23 01:40:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent
[2013/03/16 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Chikka Messenger
[2012/06/16 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\eBookPro6
[2011/04/02 11:41:57 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FOG Downloader
[2012/10/08 02:08:46 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FrostWire
[2012/05/07 00:16:39 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Gamelab
[2012/04/02 14:11:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\GarenaPlus
[2011/01/07 22:23:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Kalydo
[2012/03/14 11:26:14 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\LimeWire
[2013/03/16 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\mjusbsp
[2011/09/21 08:56:15 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Moyea
[2011/05/20 00:17:08 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ooVoo Details
[2011/02/04 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PhotoScape
[2011/01/11 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PlayFirst
[2010/11/17 12:04:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Raptr
[2012/12/15 18:19:11 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\RCKR
[2010/07/25 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SoftGrid Client
[2012/03/16 11:12:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SPSSInc
[2010/07/09 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Template
[2010/12/14 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Tific
[2010/06/29 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TP
[2010/09/05 08:02:36 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Uniblue
[2012/10/28 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Unity
[2012/10/08 02:10:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/03/19 18:57:12 | 000,000,000 | --SD | M] -- C:\Users\Josh\AppData\Roaming\Virtual CD v10
[2010/11/19 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\VirtualStore
[2012/10/28 17:11:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WildTangent
[2010/06/27 03:08:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WinBatch
[2010/06/26 11:15:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< :Processes >
[2009/07/14 13:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 13:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/24 18:04:35 | 000,000,544 | ---- | C] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/06/24 22:07:57 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2010/06/24 22:07:58 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2010/11/24 11:58:29 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 11:58:31 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 23:29:54 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000Core.job
[2011/07/07 23:29:55 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3468441439-994546170-3072864203-1000UA.job
[2013/02/21 20:35:43 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForJosh.job
[2013/03/19 10:01:18 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/20 18:38:00 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Josh.job
[2013/03/20 18:38:01 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Josh.job
[2013/03/20 18:38:04 | 000,000,372 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Josh.job
 
<  >
 
<  >
 
<  >
 
<  >
 
<  >
 
< :OTL >
 
<  >
 
< SRV - [2010/09/03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) >
Invalid Switch: 03 04:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
 
<  >
 
< IE:64bit: - HKLM\..\SearchScopes,DefaultScope = >
 
<  >
 
< IE - HKLM\..\SearchScopes,DefaultScope = >
 
<  >
 
< IE - HKCU\..\SearchScopes,DefaultScope = >
 
<  >
 
< IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms} >
 
<  >
 
< IE - HKCU\..\SearchScopes\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}: "URL" = http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} >
 
<  >
 
< FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" >
 
<  >
 
< FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 >
 
<  >
 
< FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:7.0 >
 
<  >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 >
 
<  >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 >
 
<  >
 
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 >
 
<  >
 
< FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7 >
 
<  >
 
 
<  >
 
< FF - user.js - File not found >
 
<  >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/12/15 15:32:45 | 000,000,000 | ---D | M] >
Invalid Switch: 15 15:32:45 | 000,000,000 | ---D | M]
 
<  >
 
< File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} >
 
<  >
 
< File not found (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q5OKO5N3.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC} >
 
<  >
 
< O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll File not found >
 
<  >
 
< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. >
 
<  >
 
< O4 - HKLM..\Run: []  File not found >
 
<  >
 
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) >
Invalid Switch: jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
 
<  >
 
< O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) >
Invalid Switch: jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
 
<  >
 
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) >
Invalid Switch: jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
 
< @Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:D287FACF >
 
<  >
 
< @Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD >
 
<  >
 
< @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4A74A9A7 >
 
<  >
 
< :Services >
 
<  >
 
<  >
 
<  >
 
< :Reg >
 
<  >
 
<  >
 
<  >
 
< :Files >
 
<  >
 
<  >
 
<  >
 
< :Commands >
 
<  >
 
< [purity] >
 
<  >
 
< [emptytemp] >
 
<  >
 
< [start explorer] >
 
<  >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:3790BACD
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:4A74A9A7
 
< End of report >


#11 Tomk_


    Malware Eradicator


  • Malware Response Team

Posted 22 March 2013 - 09:15 PM

Please try it again. This time click on Run Fix.



#12 appleliao

  • Topic Starter

  • Members

Posted 23 March 2013 - 02:06 PM

All processes killed
========== PROCESSES ==========
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BB0A16-2A9D-41D8-90E6-CBF0DAD24A7B}\ not found.
Prefs.js: "chr-greentree_ff&ilc=12&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: ytd%40mybrowserbar.com:7.0 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e34367-8df7-42b4-837b-20b892ff0849}\ not found.
C:\ProgramData\iWin Games\firefox\chrome folder moved successfully.
C:\ProgramData\iWin Games\firefox folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:D287FACF deleted successfully.
ADS C:\ProgramData\Temp:3790BACD deleted successfully.
ADS C:\ProgramData\Temp:4A74A9A7 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Josh
->Temp folder emptied: 10064686 bytes
->Temporary Internet Files folder emptied: 154894334 bytes
->Java cache emptied: 13785123 bytes
->FireFox cache emptied: 101953471 bytes
->Google Chrome cache emptied: 389828759 bytes
->Apple Safari cache emptied: 180548608 bytes
->Flash cache emptied: 413105 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 210311380 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 41605424 bytes
 
Total Files Cleaned = 1,052.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03242013_025513
 
Files\Folders moved on Reboot...
C:\Users\Josh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#13 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts

Posted 23 March 2013 - 02:08 PM

Sorry, I think I clicked Run Scan the first time. Did I do it correctly this time? 



#14 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts

Posted 23 March 2013 - 04:30 PM

That looks good.

Let's get an online scan:

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


#15 appleliao

appleliao
  • Topic Starter

  • Members
  • 13 posts

Posted 24 March 2013 - 07:46 AM

C:\Program Files (x86)\PlayFirst Games\Cooking Dash 2- DinerTown Studios\cookingdash2.exe a variant of Win32/Kryptik.GTW trojan
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.16 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.17 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.18 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.19 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.20 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.21 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\IE\7.0\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\q5oko5n3.default\extensions\plugin@yontoo.com.xpi Win32/Adware.Yontoo application
C:\Users\Josh\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab Win32/OpenCandy application
C:\Users\Josh\Documents\FrostWire\Saved\GAMES\PIZZA FRENZY FULL GAME\Pizza Frenzy\GAME\Keygen.exe a variant of Win32/Keygen.BG application
C:\Users\Josh\Downloads\cnet_DivXInstaller_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Josh\Downloads\download.exe multiple threats
C:\Users\Josh\Downloads\DownloadSetup.exe Win32/InstallMate application
C:\Users\Josh\Downloads\frostwire-4.20.7.windows.exe multiple threats
C:\Users\Josh\Downloads\GraboidVideoSetup-3.28.exe Win32/Graboid application
C:\Users\Josh\Downloads\Harrison_s_Principles_of_Internal_Medicine_18_Ed (1).exe Win32/Adware.1ClickDownload.G application
C:\Users\Josh\Downloads\Harrison_s_Principles_of_Internal_Medicine_18_Ed.exe Win32/Adware.1ClickDownload.G application
C:\Users\Josh\Downloads\mirc717.exe Win32/OpenCandy application
C:\Users\Josh\Downloads\musicnotesSuite.exe Win32/OpenCandy application
C:\Users\Josh\Downloads\setup.exe Win32/InstalleRex.E.Gen application
C:\Users\Josh\Downloads\SoftonicDownloader_for_spss.exe Win32/SoftonicDownloader.D application
C:\Users\Josh\Downloads\The_Vampire_Diaries_S04E06_Season_4_Episode_6_HDTV_x264_[GlowGaz_secure.exe Win32/TopMedia.B application
C:\Users\Josh\Downloads\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Josh\Downloads\YouTubeDownloaderSetup33 (1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\Josh\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Windows\Installer\64eab.msi a variant of Win32/Toolbar.Widgi application
