Infected with pc speed and optimization virus / Keybar 1.12


  • This topic is locked
9 replies to this topic

#1 Base12


Posted 20 August 2013 - 05:02 PM

Wife installed an "update to firefox.exe" and it installed the PC Speed and Optimization Virus. Spybot and Malware don't see it.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Daddy at 17:56:50 on 2013-08-20
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.4094.2453 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN14507858802941642&UM=2&ctid=CT3291325
mWinlogon: Userinit = userinit.exe
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291325\plugins\TBVerifier.dll",RunConduitFloatingPlugin gipmblamjgodbimgeafaiegdpfbaeihe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC9AEEC4-4F1C-4593-BD62-1B16FBC749F5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EF32EA7D-C8C6-4C9A-A278-C11188368E13} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&CUI=UN22054181482862526&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - KeyBar 1.12 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN22054181482862526&UM=2&UP=SP8481BEAC-E36A-4DC6-8C58-32CB572A0AC8
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN22054181482862526&UM=2&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-20 13:55; gystqfr@ylgga.com; C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-08-20 13:55; {0134af61-7a0c-4649-aeca-90d776060cb3}; C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-7-10 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-9 248632]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\Drivers\jswpslwfx.sys [2008-10-1 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\Drivers\Lycosa.sys [2008-1-17 18816]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\Drivers\RTL8192su.sys [2012-5-22 694416]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S3 athur;Qualcomm Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\Drivers\athuw8x.sys [2013-7-20 3744256]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe --> C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [?]
.
=============== Created Last 30 ================
.
2013-08-20 18:42:09    --------    d-----w-    C:\Users\Daddy\AppData\Roaming\SUPERAntiSpyware.com
2013-08-20 18:42:06    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-08-20 18:42:06    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-08-20 17:56:15    --------    d-----w-    C:\Users\Daddy\AppData\Local\Conduit
2013-08-20 17:56:08    --------    d-----w-    C:\Users\Daddy\AppData\Local\CRE
2013-08-20 17:56:08    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-08-20 17:55:52    --------    d-----w-    C:\Users\Daddy\AppData\Local\DefineExt
2013-08-20 17:55:31    92640    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
2013-08-20 17:55:31    91104    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2013-08-20 17:55:31    85472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-08-20 17:55:31    829920    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2013-08-20 17:55:31    21472    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2013-08-20 17:55:31    20960    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2013-08-20 17:55:31    1998168    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2013-08-20 17:55:31    19424    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2013-08-20 17:55:31    170464    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
2013-08-20 17:55:31    145376    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2013-08-20 08:20:41    240304    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10214.bin
2013-08-16 21:41:37    --------    d-----w-    C:\Users\Daddy\AppData\Local\Google
2013-08-16 03:38:59    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-08-15 23:37:06    --------    d-----w-    C:\Users\Daddy\AppData\Local\Solid State Networks
2013-08-15 23:37:04    --------    d-----w-    C:\Program Files (x86)\MeteorEntertainment
2013-08-15 23:33:21    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-08-15 23:33:20    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2013-08-15 23:31:29    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-08-15 23:26:52    --------    d-----w-    C:\Users\Daddy\AppData\Roaming\Origin
2013-08-15 23:26:48    --------    d-----w-    C:\Users\Daddy\AppData\Local\Origin
2013-08-15 23:25:26    --------    d-----w-    C:\ProgramData\Origin
2013-08-15 23:25:25    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-08-15 23:25:11    --------    d-----w-    C:\Program Files (x86)\Origin
2013-08-15 01:11:40    43328    ----a-w-    C:\Windows\System32\drivers\PCAMp50a64.sys
2013-08-15 01:11:40    41280    ----a-w-    C:\Windows\System32\drivers\PCASp50a64.sys
2013-08-15 01:11:23    --------    d-----w-    C:\ProgramData\NETGEAR
2013-08-15 01:11:21    --------    d-----w-    C:\Windows\Downloaded Installations
2013-08-15 01:02:22    --------    d-----w-    C:\Program Files (x86)\NETGEAR
2013-08-07 00:23:41    --------    d-----w-    C:\Windows\SysWow64\directx
2013-08-07 00:23:40    --------    d-----w-    C:\Games
2013-08-07 00:12:35    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2013-08-07 00:12:35    74072    ----a-w-    C:\Windows\SysWow64\XAPOFX1_5.dll
2013-08-07 00:12:35    527192    ----a-w-    C:\Windows\SysWow64\XAudio2_7.dll
2013-08-07 00:12:35    239960    ----a-w-    C:\Windows\SysWow64\xactengine3_7.dll
2013-08-07 00:12:35    22360    ----a-w-    C:\Windows\SysWow64\X3DAudio1_7.dll
2013-08-07 00:12:35    2106216    ----a-w-    C:\Windows\SysWow64\D3DCompiler_43.dll
2013-08-07 00:12:35    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2013-08-07 00:12:35    1974616    ----a-w-    C:\Windows\SysWow64\D3DCompiler_42.dll
2013-08-07 00:12:35    1892184    ----a-w-    C:\Windows\SysWow64\D3DX9_42.dll
2013-08-07 00:12:35    1868128    ----a-w-    C:\Windows\SysWow64\d3dcsx_43.dll
2013-08-07 00:12:33    --------    d-----w-    C:\Program Files (x86)\Piranha Games
2013-08-07 00:12:32    --------    d-----w-    C:\ProgramData\Package Cache
2013-08-07 00:10:40    --------    d-----w-    C:\ProgramData\Blizzard Entertainment
2013-08-07 00:10:40    --------    d-----w-    C:\Program Files (x86)\Diablo III
2013-08-07 00:10:40    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-08-07 00:10:28    --------    d-----w-    C:\Users\Daddy\AppData\Local\Macromedia
2013-08-07 00:10:03    --------    d-----w-    C:\ProgramData\Battle.net
2013-08-07 00:01:13    --------    d-----w-    C:\Users\Daddy\AppData\Roaming\AVG2013
2013-08-07 00:00:52    --------    d-----w-    C:\Users\Daddy\AppData\Roaming\TuneUp Software
2013-08-07 00:00:41    --------    d--h--w-    C:\$AVG
2013-08-07 00:00:41    --------    d-----w-    C:\ProgramData\AVG2013
2013-08-07 00:00:33    --------    d-----w-    C:\Program Files (x86)\AVG
2013-08-06 23:59:13    --------    d--h--w-    C:\ProgramData\Common Files
2013-08-06 23:59:13    --------    d-----w-    C:\Users\Daddy\AppData\Local\MFAData
2013-08-06 23:59:13    --------    d-----w-    C:\Users\Daddy\AppData\Local\Avg2013
2013-08-06 23:59:13    --------    d-----w-    C:\ProgramData\MFAData
2013-08-06 23:58:34    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-08-06 23:58:33    --------    d-----w-    C:\Program Files (x86)\Steam
2013-08-06 23:00:42    --------    d-----w-    C:\Windows\System32\MRT
2013-08-06 22:59:34    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0E5256D-5F5B-43C9-A809-4615E0EFE5D8}\mpengine.dll
2013-08-06 22:55:45    3236864    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-08-06 22:54:48    2367528    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-06 22:53:59    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-06 22:50:34    19187712    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-06 22:50:34    18523648    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-08-01 10:00:01    9460976    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-01 00:22:50    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-01 00:15:31    50784    ----a-w-    C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-08-01 00:15:30    17536    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
==================== Find3M  ====================
.
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:13:28    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-07-20 05:51:00    311608    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-07-20 05:50:56    71480    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50    206648    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-07-13 06:18:21    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-07-10 05:32:38    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 05:28:50    248632    ----a-w-    C:\Windows\System32\drivers\avgwfpa.sys
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-07-01 05:45:28    116536    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-06-27 22:04:51    78200    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51    693112    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31    997632    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-06-01 11:54:16    194816    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10    125184    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21    2391280    ----a-w-    C:\Windows\explorer.exe
2013-06-01 11:29:35    337152    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35    213248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33    327936    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31    6987008    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46    2106176    ----a-w-    C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03    496640    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19    493056    ----a-w-    C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09    1453568    ----a-w-    C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46    1842176    ----a-w-    C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06    680960    ----a-w-    C:\Windows\System32\vds.exe
2013-06-01 09:22:47    80896    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33    523264    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09    190976    ----a-w-    C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39    729600    ----a-w-    C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39    106496    ----a-w-    C:\Windows\System32\samlib.dll
2013-06-01 09:21:34    595968    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 09:20:45    583168    ----a-w-    C:\Windows\System32\mscms.dll
2013-06-01 09:20:34    1527808    ----a-w-    C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34    1048576    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04    2219520    ----a-w-    C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58    207872    ----a-w-    C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42    785408    ----a-w-    C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57    37632    ----a-w-    C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23    4036096    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-24 22:09:20    1403296    ----a-w-    C:\Windows\System32\winload.efi
2013-05-24 22:09:20    1271584    ----a-w-    C:\Windows\System32\winload.exe
2013-05-24 22:09:20    1217352    ----a-w-    C:\Windows\System32\winresume.efi
2013-05-24 22:09:20    1093904    ----a-w-    C:\Windows\System32\winresume.exe
2013-05-23 23:02:30    1314816    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-05-23 23:01:46    1300992    ----a-w-    C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-05-23 22:25:22    694272    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 17:57:01.71 ===============
 

 




 


#2 fireman4it

  • Malware Response Team

Posted 20 August 2013 - 05:58 PM

Hello Base12,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

2.
    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Base12


Posted 20 August 2013 - 06:13 PM

# AdwCleaner v3.000 - Report created 20/08/2013 at 19:08:08
# Updated 20/08/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Daddy - DAD
# Running from : C:\Users\Daddy\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Daddy\AppData\Local\Conduit
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daddy\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v13.0.1 (en-US)

[ File : C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\prefs.js ]

Line Deleted : user_pref("CT3291325_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377038579263,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN22054181482862526&UM=2&UP=SP8481BEAC-E36A-4DC6-8C58-32CB572A0AC8");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&CUI=UN22054181482862526&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.machineId", "HLPOTKZHSY3+YVB8RISR0W/UYCSBVEQNTV2JH9W9XTCM8YO3ZUJBSQEEWUED6S9CCNX1PJFICW5W7A94DFXG9G");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Daddy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [2920 octets] - [20/08/2013 19:07:42]
AdwCleaner[S0].txt - [2784 octets] - [20/08/2013 19:08:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2844 octets] ##########
 

 

 

Other two are on the way.



#4 Base12


Posted 20 August 2013 - 06:15 PM

OTL logfile created on: 8/20/2013 7:10:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daddy\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.65% Memory free
4.87 Gb Paging File | 3.40 Gb Available in Paging File | 69.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.89 Gb Total Space | 55.23 Gb Free Space | 46.46% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 340.61 Gb Free Space | 36.57% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.56 Gb Free Space | 83.67% Space Free | Partition Type: FAT32
 
Computer Name: DAD | User Name: Daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/20 19:10:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe
PRC - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/07/26 18:46:22 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/01/18 11:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/26 18:46:24 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/15 18:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 12:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/07/01 20:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/08/06 20:10:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/26 03:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 11:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 01:28:50 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/07/01 20:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 18:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/01 07:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/21 20:41:48 | 003,744,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athuw8x.sys -- (athur)
DRV:64bit: - [2012/11/20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012/10/12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/02 10:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/05/22 11:53:16 | 000,694,416 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/01/17 19:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Lycosa.sys -- (Lycosa)
DRV - [2007/09/11 03:23:46 | 000,018,944 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 7E EA 38 45 9C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9BE278FF-C91D-40CD-BBFE-7807DC59377D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN14507858802941642&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/20 13:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/07/20 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Extensions
[2013/08/20 18:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\o9ksia6e.default\extensions
[2013/08/20 13:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/20 13:55:53 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Daddy\AppData\Local\DefineExt\temp.dat File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291325\plugins\TBVerifier.dll",RunConduitFloatingPlugin gipmblamjgodbimgeafaiegdpfbaeihe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9AEEC4-4F1C-4593-BD62-1B16FBC749F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF32EA7D-C8C6-4C9A-A278-C11188368E13}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/20 18:56:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/20 19:10:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe
[2013/08/20 19:07:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/20 19:05:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/20 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/08/20 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/08/20 18:12:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Malwarebytes
[2013/08/20 18:12:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/20 18:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/20 18:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/20 18:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/20 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Programs
[2013/08/20 18:10:35 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Daddy\Desktop\rkill.com
[2013/08/20 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/20 14:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/20 14:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/20 14:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/20 13:56:08 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\CRE
[2013/08/20 13:55:52 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\DefineExt
[2013/08/16 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/16 17:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/08/16 17:41:37 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Google
[2013/08/15 19:37:06 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Solid State Networks
[2013/08/15 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeteorEntertainment
[2013/08/15 19:37:04 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2013/08/15 19:34:19 | 000,000,000 | ---D | C] -- C:\Users\Daddy\Documents\SimCity
[2013/08/15 19:33:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/08/15 19:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
[2013/08/15 19:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/08/15 19:26:52 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Origin
[2013/08/15 19:26:48 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Origin
[2013/08/15 19:26:03 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/08/15 19:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/15 19:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/08/15 19:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/15 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/08/14 21:11:40 | 000,043,328 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys
[2013/08/14 21:11:40 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2013/08/14 21:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
[2013/08/14 21:11:21 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/08/14 21:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/08/14 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2013/08/06 20:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2013/08/06 20:23:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/08/06 20:23:40 | 000,000,000 | ---D | C] -- C:\Games
[2013/08/06 20:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Piranha Games
[2013/08/06 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piranha Games
[2013/08/06 20:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/08/06 20:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013/08/06 20:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013/08/06 20:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/08/06 20:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/08/06 20:10:28 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Macromedia
[2013/08/06 20:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/08/06 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\AVG2013
[2013/08/06 20:00:52 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Roaming\TuneUp Software
[2013/08/06 20:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/06 20:00:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/06 20:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/06 20:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/08/06 19:59:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/06 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\MFAData
[2013/08/06 19:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/06 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\Avg2013
[2013/08/06 19:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/08/06 19:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/08/06 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/08/06 19:00:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/31 20:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/20 19:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/20 19:10:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daddy\Desktop\OTL.exe
[2013/08/20 19:09:24 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/20 19:09:23 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\LyricsSing Update.job
[2013/08/20 19:09:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/08/20 19:09:08 | 3433,918,464 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/20 19:07:11 | 000,975,858 | ---- | M] () -- C:\Users\Daddy\Desktop\adwcleaner.exe
[2013/08/20 18:56:55 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/08/20 18:46:44 | 000,803,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/20 18:46:44 | 000,682,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/20 18:46:44 | 000,124,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/20 18:46:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 18:20:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/20 18:10:35 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Daddy\Desktop\rkill.com
[2013/08/20 15:10:35 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f74b459d-a711-4d4e-9c06-89deeca76243.job
[2013/08/20 15:10:35 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c203968-8c9b-4221-9970-b753637824da.job
[2013/08/20 14:04:05 | 000,070,273 | ---- | M] () -- C:\Users\Daddy\Desktop\Haicake.jpg
[2013/08/20 13:55:32 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/20 13:43:14 | 000,357,277 | ---- | M] () -- C:\Users\Daddy\Desktop\Christian Cake.jpg
[2013/08/18 23:51:11 | 000,026,224 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_06_Simple-Part-Organizer-v0.250.zip
[2013/08/18 23:49:34 | 015,923,292 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_08_Current-II-Release.zip
[2013/08/18 23:10:31 | 032,717,621 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_07_American-Pack-0.241.zip
[2013/08/18 23:09:45 | 003,205,136 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_07_27.07IonhybridPack.zip
[2013/08/18 21:34:49 | 001,257,131 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_03_DRAkTEC-Asteroids.zip
[2013/08/18 21:33:11 | 001,098,951 | ---- | M] () -- C:\Users\Daddy\Desktop\uploads_2013_04_ST_Escape_Pod_V1.8.zip
[2013/08/18 21:20:41 | 000,000,222 | ---- | M] () -- C:\Users\Daddy\Desktop\Kerbal Space Program.url
[2013/08/18 20:51:16 | 000,001,673 | ---- | M] () -- C:\Users\Daddy\Desktop\Kerbal Space Program - Shortcut.lnk
[2013/08/16 19:11:24 | 000,002,279 | ---- | M] () -- C:\Users\Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/16 17:41:56 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/15 20:48:22 | 000,002,051 | ---- | M] () -- C:\Users\Daddy\Desktop\Hawken.lnk
[2013/08/15 19:33:21 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013/08/15 19:25:26 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/06 20:23:41 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/08/06 20:21:59 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/06 20:12:34 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\MechWarrior Online.lnk
[2013/08/06 20:10:51 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013/08/06 19:58:34 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/20 19:07:11 | 000,975,858 | ---- | C] () -- C:\Users\Daddy\Desktop\adwcleaner.exe
[2013/08/20 18:56:55 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/08/20 14:42:18 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f74b459d-a711-4d4e-9c06-89deeca76243.job
[2013/08/20 14:42:18 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c203968-8c9b-4221-9970-b753637824da.job
[2013/08/20 14:04:05 | 000,070,273 | ---- | C] () -- C:\Users\Daddy\Desktop\Haicake.jpg
[2013/08/20 13:55:48 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\LyricsSing Update.job
[2013/08/20 13:43:14 | 000,357,277 | ---- | C] () -- C:\Users\Daddy\Desktop\Christian Cake.jpg
[2013/08/18 23:51:11 | 000,026,224 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_06_Simple-Part-Organizer-v0.250.zip
[2013/08/18 23:49:34 | 015,923,292 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_08_Current-II-Release.zip
[2013/08/18 23:10:23 | 032,717,621 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_07_American-Pack-0.241.zip
[2013/08/18 23:09:45 | 003,205,136 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_07_27.07IonhybridPack.zip
[2013/08/18 21:34:49 | 001,257,131 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_03_DRAkTEC-Asteroids.zip
[2013/08/18 21:33:11 | 001,098,951 | ---- | C] () -- C:\Users\Daddy\Desktop\uploads_2013_04_ST_Escape_Pod_V1.8.zip
[2013/08/18 21:20:41 | 000,000,222 | ---- | C] () -- C:\Users\Daddy\Desktop\Kerbal Space Program.url
[2013/08/18 20:51:16 | 000,001,673 | ---- | C] () -- C:\Users\Daddy\Desktop\Kerbal Space Program - Shortcut.lnk
[2013/08/16 17:41:56 | 000,002,279 | ---- | C] () -- C:\Users\Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/16 17:41:56 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/16 17:41:40 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/16 17:41:40 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 20:48:22 | 000,002,051 | ---- | C] () -- C:\Users\Daddy\Desktop\Hawken.lnk
[2013/08/15 19:33:21 | 000,001,272 | ---- | C] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013/08/15 19:25:26 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/08/06 20:23:41 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/08/06 20:21:56 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/06 20:12:34 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\MechWarrior Online.lnk
[2013/08/06 20:10:40 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013/08/06 20:10:22 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/06 19:58:34 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/08/06 18:55:04 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/08/06 18:53:59 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/08/06 18:53:59 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/06 20:01:13 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\AVG2013
[2013/08/16 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Origin
[2013/08/06 20:00:52 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2012/07/26 03:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/08/06 20:10:22 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/08/16 17:41:40 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/08/16 17:41:40 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 13:55:48 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\LyricsSing Update.job
[2013/08/20 14:42:18 | 000,000,518 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0c203968-8c9b-4221-9970-b753637824da.job
[2013/08/20 14:42:18 | 000,000,518 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f74b459d-a711-4d4e-9c06-89deeca76243.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/07/20 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Adobe
[2013/08/06 20:01:13 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\AVG2013
[2013/07/20 21:13:28 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Macromedia
[2013/08/20 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Malwarebytes
[2013/08/20 19:06:00 | 000,000,000 | --SD | M] -- C:\Users\Daddy\AppData\Roaming\Microsoft
[2013/07/20 21:24:59 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Mozilla
[2013/08/16 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\Origin
[2013/08/20 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/06 20:00:52 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

OTL Extras logfile created on: 8/20/2013 7:10:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daddy\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.65% Memory free
4.87 Gb Paging File | 3.40 Gb Available in Paging File | 69.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.89 Gb Total Space | 55.23 Gb Free Space | 46.46% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 340.61 Gb Free Space | 36.57% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.56 Gb Free Space | 83.67% Space Free | Partition Type: FAT32
 
Computer Name: DAD | User Name: Daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0390737A-45CD-4904-9D55-212834DF51C2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16721173-A16A-4DCB-8830-20770B2F685A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{18096921-10FD-42BB-8F2F-2CBB90684220}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1B4B2FA9-A75E-4908-9805-09A844BAFFE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{1E6B7C64-E5A8-4C90-96EE-0CE12B742792}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe |
"{35B2EFAE-4C57-48D1-9AFE-9FE5B2826E8B}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{38CDFBCF-A682-4984-BCAE-1DB173A9B819}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3BE23E3B-532C-447A-882E-F356B04E11FE}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4066896A-72EC-45BF-8D06-F7B644DC557D}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{4B53DC97-2B53-4D4E-AD76-D3B81BB0EECB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{5170B54B-5786-4721-A736-1FA9D5D0C18F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{56A46EA1-0C76-4059-B98D-6E6BD9A8657E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{60A9C49A-E89C-41A9-9434-5A3E8BF3EC9F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{63B2785A-AA96-4AEC-A367-6F206390E7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{64DCC924-88BD-4ADA-9E91-274A0381B934}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6A2FAA1E-DAB1-4579-A6DD-0118B295DCB5}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6D73BAB3-4064-4612-B6EB-10948F1C374A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program\ksp.exe |
"{702AB0D7-6098-4DFC-B47A-2CFC4AC03FDA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{7A3C1ED4-B3EA-4C23-BEB0-1F446D7247E4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{7B89AA42-B44E-402D-BD20-263B9F39CA87}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7BCA5EC0-E657-4593-8E61-A41E1BDA575C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{96BCD8F5-5125-4194-AA96-7919601496C1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A0A2FE9C-301D-42BA-A815-F8906FF66761}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A73D4C39-C26C-466B-B48B-10EDD16D796E}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{ACAFBA83-4094-4963-8FBE-FEDDFA9A18AB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B430A2AF-28FA-49A9-BF4C-5097AC7D3FBB}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{B50E67D3-1B59-4E71-845A-2A7E3D312F01}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{BEF69C80-BBE7-4C23-8931-67DD3E7396E3}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{C3245E67-D1EC-4791-940E-59A98924B22F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{C696AD52-8B75-4978-990F-0C1ABAF4FF7E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CDFF2C02-7885-424D-91A8-6A1BF8A1D6C9}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D30F7588-D07E-431B-8C82-12163DC25E5E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{E3B7ECAE-BFD5-4131-9211-8630C20900A7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F2FDC65C-1B05-45A6-995A-89B46884FA00}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F304BF20-8F89-4F1A-8003-52821EFC73FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E74BF83C-2CA5-48EF-901F-959309E7D9EC}" = AVG 2013
"AVG" = AVG 2013
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1760F404-9A2B-4CD5-9A5C-7F9DCC627741}" = MechWarrior Online
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}" = MechWarrior Online
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo III" = Diablo III
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 220200" = Kerbal Space Program
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Hawken" = Hawken
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/20/2013 9:32:33 PM | Computer Name = Dad | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0xC004C008
 
Error - 7/20/2013 9:32:33 PM | Computer Name = Dad | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C008  Sku Id=c752c2e0-7c17-4af4-bba6-6f8aa1e698bc
 
Error - 8/14/2013 9:02:39 PM | Computer Name = Dad | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Daddy\AppData\Local\Temp\{01E097FE-75FF-42DE-9D50-9311EBB4815D}\InstNetDriver.dll".
Dependent
 Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/14/2013 9:10:52 PM | Computer Name = Dad | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Daddy\AppData\Local\Temp\{D8F0AD30-1C39-4452-91AD-8099EECB1134}\InstNetDriver.dll".
Dependent
 Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/14/2013 9:11:29 PM | Computer Name = Dad | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe".
Dependent
 Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/14/2013 9:11:29 PM | Computer Name = Dad | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe".
Dependent
 Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/16/2013 9:25:45 PM | Computer Name = Dad | Source = Application Error | ID = 1000
Description = Faulting application name: KSP.exe, version: 4.0.1.62181, time stamp:
 0x50eecb51  Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
 0x515fac6e  Exception code: 0xc0000005  Fault offset: 0x00043632  Faulting process id:
 0xd8c  Faulting application start time: 0x01ce9ae8abd97bdf  Faulting application path:
 C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program Demo\KSP.exe
Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: efeced86-06db-11e3-be72-1c6f654a9669
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 8/20/2013 1:55:48 PM | Computer Name = Dad | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 13.0.1.4548,
 time stamp: 0x520bc1d5  Faulting module name: mozalloc.dll, version: 13.0.1.4548,
 time stamp: 0x520ba12c  Exception code: 0x80000003  Fault offset: 0x00001988  Faulting
 process id: 0x5bc  Faulting application start time: 0x01ce9dcd800c5965  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: bdede4d3-09c1-11e3-be72-1c6f654a9669
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 8/20/2013 1:56:09 PM | Computer Name = Dad | Source = CltMngSvc | ID = 1000
Description =
 
Error - 8/20/2013 1:56:16 PM | Computer Name = Dad | Source = CltMngSvc | ID = 1000
Description =
 
[ System Events ]
Error - 8/13/2013 12:28:54 PM | Computer Name = Dad | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:33:54 PM on ?8/?12/?2013 was unexpected.
 
Error - 8/14/2013 8:39:43 PM | Computer Name = Dad | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:28:54 PM on ?8/?14/?2013 was unexpected.
 
Error - 8/14/2013 8:50:50 PM | Computer Name = Dad | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 8/14/2013 9:15:57 PM | Computer Name = Dad | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 8/16/2013 7:09:14 PM | Computer Name = Dad | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/20/2013 1:57:18 PM | Computer Name = Dad | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/20/2013 2:17:00 PM | Computer Name = Dad | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 8/20/2013 3:10:01 PM | Computer Name = Dad | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/20/2013 6:40:56 PM | Computer Name = Dad | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/20/2013 7:08:36 PM | Computer Name = Dad | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >
 



#5 fireman4it


Posted 27 August 2013 - 03:52 PM

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :Otl
    IE - HKCU\..\SearchScopes\{9BE278FF-C91D-40CD-BBFE-7807DC59377D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN14507858802941642&UM=2
    O4 - HKCU..\Run: [ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3291325\plugins\TBVerifier.dll",RunConduitFloatingPlugin gipmblamjgodbimgeafaiegdpfbaeihe File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Daddy\AppData\Local\DefineExt\temp.dat File not found
    [2013/08/20 13:55:53 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com
    [2013/08/06 19:59:13 | 000,000,000 | ---D | C] -- C:\Users\Daddy\AppData\Local\MFAData
    [2013/08/06 19:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/08/06 20:00:52 | 000,000,000 | ---D | M] -- C:\Users\Daddy\AppData\Roaming\TuneUp Software
     
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 fireman4it


Posted 31 August 2013 - 10:42 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#7 Base12


Posted 31 August 2013 - 09:10 PM

Here you go, seems to be running ok. Let me reboot and mess around with it and see how it is! Thanks so much for the help!

 

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BE278FF-C91D-40CD-BBFE-7807DC59377D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BE278FF-C91D-40CD-BBFE-7807DC59377D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\a folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\resources folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com folder moved successfully.
C:\Users\Daddy\AppData\Local\MFAData\logs folder moved successfully.
C:\Users\Daddy\AppData\Local\MFAData folder moved successfully.
C:\ProgramData\MFAData\survey folder moved successfully.
C:\ProgramData\MFAData\pack folder moved successfully.
C:\ProgramData\MFAData folder moved successfully.
C:\Users\Daddy\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Daddy\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Daddy\AppData\Roaming\TuneUp Software folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08312013_220812
 



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:53 AM

Posted 01 September 2013 - 11:49 AM

Glad to hear things are running better. Let's run a couple other scans for any leftovers.

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
  • MBAM log
  • Eset log
  • How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 fireman4it

Posted 03 September 2013 - 09:49 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#10 fireman4it

Posted 12 September 2013 - 11:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





