Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Blue Screen of Death, Browser Hijackers, Slow machine

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 15th, 2013, 8:53 pm

This is my daughters machine who is in college. No matter how much I try to explain the issues to her she does not listen. I am going to make her go through your procedures with the hopes of teaching her. She has gotten the blue screen on more than one occasion forcing the machine to attempt to do a recovery. There is definitely a browser hijacker running because it always goes to a specific search page and generally the machine runs very slow. She was running Bit Torrent which I made her remove. I don't think there is any other P to P software but you may find some I do not know about. Thank you for your help in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Alexa at 14:42:21 on 2013-03-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1366 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\atwtusb.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\Alexa\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Alexa\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\consent.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3220468
mStart Page = hxxp://search.privitize.com/?aff=7
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {523F1DFF-2417-4466-8329-91877FF40EF5} - <orphaned>
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Alexa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.36.1
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10} : DHCPNameServer = 192.168.36.1
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\05C616E6564734C616D6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\14962777166756 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\2656C6B696E6E233734363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\544786F63747275616D60213 : DHCPNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\544786F63747275616D6022316 : DHCPNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}\A4546464D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MacroKeyManager] WTMKM.exe
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}&CUI=UN94129836015908544
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 544&UM=&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Alexa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-28 15:44; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - ExtSQL: 2013-03-04 16:51; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: !HIDDEN! 2011-08-26 18:23; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQDFQ ... 26&search=
FF - user.js: extensions.incredibar_i.id - 7c4e86d40000000000001c659d610155
FF - user.js: extensions.incredibar_i.instlDay - 15537
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:09:22
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQDFQShOs
FF - user.js: extensions.incredibar_i.upn2n - 92543242173875372
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 88%5F2
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-30 55856]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 39768]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-30 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-5 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-30 13336]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 398184]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-30 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-30 2320920]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-9-30 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-9-30 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-30 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-9-30 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-30 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-30 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-23 24176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-30 232480]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2011-7-24 45736]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-30 325152]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-14 18:38:32 -------- d-----w- C:\Users\Alexa\AppData\Local\{56D8AFCE-2602-4C87-BDAD-9AE554E1E1FF}
2013-03-14 14:44:02 -------- d-----w- C:\Users\Alexa\AppData\Local\{DF6573D2-9AED-45DA-8B30-EA81DA2CF373}
2013-03-09 15:29:21 -------- d-----w- C:\Users\Alexa\AppData\Local\{A0C721F7-A6FE-4DB7-9E1D-05197986B0D4}
2013-03-04 21:08:42 -------- d-----w- C:\Users\Alexa\Adobe Acrobat XI Pro
2013-03-04 20:57:45 -------- d-----w- C:\Users\Alexa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-03-04 20:57:25 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2013-03-02 22:46:36 -------- d-----w- C:\Users\Alexa\AppData\Local\{34EC9123-1C29-4687-B1DE-48574C75F78B}
2013-02-28 02:21:46 -------- d-----w- C:\Users\Alexa\AppData\Local\{893DF2CF-AF31-45FD-AE20-4F653A7324E5}
2013-02-27 06:53:09 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-26 05:51:46 -------- d-----w- C:\Users\Alexa\AppData\Local\{B1385A02-4364-4CCB-A028-A55B43062750}
2013-02-23 18:39:37 -------- d-----w- C:\Users\Alexa\AppData\Local\{A30A6C05-BFF9-48EC-BC9F-578F834F1320}
2013-02-21 18:48:37 -------- d-----w- C:\Users\Alexa\AppData\Local\{4D88B45F-F3E3-4845-87D2-6BBBA59AD6EF}
2013-02-20 13:35:45 -------- d-----w- C:\Users\Alexa\AppData\Local\{F5F34313-129C-4061-924E-B6AED3403710}
2013-02-19 12:35:02 -------- d-----w- C:\Users\Alexa\AppData\Roaming\TuneUp Software
2013-02-17 18:06:27 -------- d-----w- C:\Users\Alexa\AppData\Local\{138430E4-5A94-45F9-BD00-263BC30CFBB8}
2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 20:45:23 -------- d-----w- C:\Users\Alexa\AppData\Local\{DD3FDC8F-AE9B-4C1E-B731-05D06D135900}
2013-02-14 03:35:17 -------- d-----w- C:\Users\Alexa\AppData\Local\{B8993AD0-84C4-49D2-9120-036778535D1B}
2013-02-13 22:12:58 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:12:58 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 20:20:17 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 20:20:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 20:20:15 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 20:20:07 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 20:20:05 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 20:20:04 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 20:20:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 20:20:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 20:20:03 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 20:20:02 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 20:20:00 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 20:20:00 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 04:34:13 -------- d-----w- C:\Users\Alexa\AppData\Roaming\Nico Mak Computing
2013-02-13 04:34:01 18760 ----a-w- C:\Windows\System32\roboot64.exe
2013-02-13 04:33:51 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
.
==================== Find3M ====================
.
2013-03-12 22:27:23 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 22:27:23 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-27 06:53:04 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-27 06:53:03 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-19 05:36:02 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-30 15:26:05 0 ----a-w- C:\Windows\SysWow64\shoBB44.tmp
2013-01-13 16:10:26 0 ----a-w- C:\Windows\SysWow64\shoAE60.tmp
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-08 18:51:07 959976 ----a-w- C:\Windows\System32\deployJava1.dll
2013-01-08 18:51:07 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-01-08 18:51:07 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-31 19:45:54 0 ----a-w- C:\Windows\SysWow64\shoDAD8.tmp
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:50:19.06 ===============
=======================================================================================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/20/2010 12:14:17 PM
System Uptime: 3/14/2013 2:32:41 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 909/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 295.177 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&2D793958&0&F8DB7F1441F8_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\9&2D793958&0&F8DB7F1441F8_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\9&2D793958&0&F8DB7F1441F8_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\9&2D793958&0&F8DB7F1441F8_C00000001
Service:
.
==== System Restore Points ===================
.
RP175: 3/4/2013 4:24:18 PM - Installed Adobe Acrobat XI Pro.
RP176: 3/12/2013 12:00:41 PM - Scheduled Checkpoint
RP177: 3/14/2013 3:02:19 AM - Windows Update
RP178: 3/14/2013 1:29:16 PM - Removed ooVoo
RP179: 3/14/2013 1:33:29 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Adobe Acrobat XI Pro
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Web Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.02)
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
ARO 2012
Ask Toolbar
Ask Toolbar Updater
AVG 2012
AVG Security Toolbar
Bonjour
BufferChm
Camera Control Pro 2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Codecv
Consumer In-Home Service Agreement
Cozi
D110
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Webcam Central
Destinations
DeviceDiscovery
DivX Setup
DW WLAN Card Utility
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Update Helper
GoToAssist Corporate
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Jane's Hotel Mania
Java 7 Update 10 (64-bit)
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 18 (64-bit)
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 24
Junk Mail filter update
Lexmark S300-S400 Series
Live! Cam Avatar Creator
LoJack Factory Installer
MacroKey Manager
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Network64
Nikon File Uploader 2
Nikon Message Center 2
Norton Security Scan
ooVoo
PDF Settings CS5
Picture Control Utility
PS_AIO_07_D110_SW_Min
Quickset64
QuickTime
QuickTransfer
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Burn
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.1
SmartWebPrinting
SolutionCenter
SpywareBlaster 4.6
Status
The Weather Channel App
The Weather Channel Desktop 6
Toolbox
TrayApp
TuneUp Companion 2.1.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
ViewNX 2
Visual Studio 2008 x64 Redistributables
WebReg
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent Games App (Dell Games)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip Registry Optimizer
WxDFast
wxDownload
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
3/9/2013 1:00:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
3/14/2013 3:00:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
3/14/2013 3:00:16 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
3/14/2013 3:00:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/14/2013 2:43:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289).
3/14/2013 2:43:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2791765).
3/14/2013 2:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/14/2013 2:33:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
3/14/2013 2:33:21 PM, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2013 2:33:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a000db19e0, 0x00000000c0000189, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031413-33337-01.
3/12/2013 10:59:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WTService service.
3/11/2013 6:46:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TKMTLMIKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{603B196F-5E17-4C15-B0C1-4B8572257C10}. The master browser is stopping or an election is being forced.
3/10/2013 12:34:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
.
==== End Of File ===========================
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am
Advertisement
Register to Remove

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby Gary R » March 16th, 2013, 2:38 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby Gary R » March 16th, 2013, 2:50 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi IslandGuy

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, or Windows 8, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's definitely signs of unwanted software on your daughter's machine, and it needs removing, so let's get started.

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Ask Toolbar
Ask Toolbar Updater
Java 7 Update 10 (64-bit)
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 18 (64-bit)
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 24


Ask Toolbar is nothing more than a "cash cow" that comes pre-checked for install with lots of programs (legit and otherwise) that does nothing useful, and does monitor and report which sites you visit.

Old versions of java can be, and are exploited. Unless you have a specific need for java (and most people don't) then I recommend the removal of all java plugins from your browser. If you have a specific need for java, then you need to make sure it's the latest version. If you need to have java installed let me know, and once your machine is clean I'll link you to the latest version.

Reboot your computer once those programs have been removed.

Next

Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • JRT.txt
  • SystemLook.txt
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 16th, 2013, 12:28 pm

Ok that was awesome. I woke up my daughter at 10AM after she had been out all night partying to start working on her computer. LOL. took us 2 hours to go through everything and she only puked once. She is now going back to bed ... very unhappy with me... Serves he right. LMAO

OK here is the JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alexa on Sat 03/16/2013 at 10:53:57.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\dw7
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\veohplugin
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-982022550-2211653999-1971989902-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-982022550-2211653999-1971989902-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\shoppingreport2
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bhoclass.bho.bhoclass.bho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bhoclass.bho.bhoclass.bho.1.0
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{523F1DFF-2417-4466-8329-91877FF40EF5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\addict-thing"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\codecc"
Successfully deleted: [Folder] "C:\ProgramData\codecv"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\questscan"
Successfully deleted: [Folder] "C:\ProgramData\wxdownload"
Successfully deleted: [Folder] "C:\Users\Alexa\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alexa\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\babylontoolbar"
Failed to delete: [Folder] "C:\Users\Alexa\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\codecc"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\codecv"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Alexa\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\questscan"
Successfully deleted: [Folder] "C:\Program Files (x86)\smartdl"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\user.js
Successfully deleted: [File] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\searchplugins\askcomsearch.xml
Successfully deleted: [File] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\smartbar
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\extensions\5055dd013408a@5055dd01340c3.com
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\extensions\5055de952ced2@5055de952cf0b.com
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\extensions\50578b105bd3f@50578b105bd78.com
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Folder] C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\prefs.js

user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1NjYxNzk1NiwidXVpZCI6MzEyMDQzMDY0OTE5OTUyLCJzZXFfaWQiOjM2LCJzc2IiOjEzNTAzNDAwNDd9");
user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.FirstTime", "true");
user_pref("CT3220468.FirstTimeFF3", "true");
user_pref("CT3220468.LoginRevertSettingsEnabled", true);
user_pref("CT3220468.RevertSettingsEnabled", true);
user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN94129836015908544&q=");
user_pref("CT3220468.UserID", "UN94129836015908544");
user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3220468.autoDisableScopes", 0);
user_pref("CT3220468.browser.search.defaultthis.engineName", "true");
user_pref("CT3220468.cb_experience_000.enc", "MjQ=");
user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
user_pref("CT3220468.cbcountry_001.enc", "VVM=");
user_pref("CT3220468.cbfirsttime.enc", "VHVlIE9jdCAwOSAyMDEyIDEyOjA1OjM1IEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp");
user_pref("CT3220468.enableAlerts", "always");
user_pref("CT3220468.enableFix404ByUser", "FALSE");
user_pref("CT3220468.enableSearchFromAddressBar", "true");
user_pref("CT3220468.firstTimeDialogOpened", "true");
user_pref("CT3220468.fixPageNotFoundError", "true");
user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3220468.fixUrls", true);
user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=
user_pref("CT3220468.installDate", "12/2/2013 23:35:47");
user_pref("CT3220468.installId", "fft8764.tmp.exe");
user_pref("CT3220468.installType", "XPE");
user_pref("CT3220468.isCheckedStartAsHidden", true);
user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
user_pref("CT3220468.isNewTabEnabled", true);
user_pref("CT3220468.isPerformedSmartBarTransition", "true");
user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.keyword", "true");
user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN9412983601590854
user_pref("CT3220468.lastVersion", "10.14.370.524");
user_pref("CT3220468.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3220468.migrateAppsAndComponents", true);
user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com%2Fgerald.obert\",\"EB_MAIN_FRAME_TITLE\":\"Gerald%20Obert\",\"EB_SEARCH_TE
user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.openThankYouPage", "true");
user_pref("CT3220468.openUninstallPage", "FALSE");
user_pref("CT3220468.search.searchAppId", "129813684258939747");
user_pref("CT3220468.search.searchCount", "2");
user_pref("CT3220468.searchInNewTabEnabledByUser", "false");
user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355946858797");
user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1356617948103");
user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356422440916");
user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1363370768630");
user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353449227177");
user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358914201162");
user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1363433404111");
user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1360615772754");
user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1362518008990");
user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363221331902");
user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356422440701");
user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1356617952287");
user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1363370768441");
user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356422445487");
user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1363440602582");
user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1363370768965");
user_pref("CT3220468.settingsINI", true);
user_pref("CT3220468.shouldFirstTimeDialog", "false");
user_pref("CT3220468.smartbar.CTID", "CT3220468");
user_pref("CT3220468.smartbar.Uninstall", "0");
user_pref("CT3220468.smartbar.homepage", "true");
user_pref("CT3220468.smartbar.isHidden", true);
user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
user_pref("CT3220468.startPage", "userChanged");
user_pref("CT3220468.startPageXPETakeover", "true");
user_pref("CT3220468.toolbarBornServerTime", "9-10-2012");
user_pref("CT3220468.toolbarCurrentServerTime", "16-3-2013");
user_pref("CT3220468.toolbarLoginClientTime", "Thu Mar 14 2013 00:26:50 GMT-0400 (Eastern Daylight Time)");
user_pref("CT3220468.upgradeFromClearSBVersion", true);
user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNTYzNjkwODg2MTUsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM
user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363370646239,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN94129836015908544&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v2 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=3&q={searchTerms}&CUI=UN94129836015908544");
user_pref("browser.search.order.1", "Privitize VPN");
user_pref("browser.search.selectedEngine", "uTorrentControl_v2 Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
user_pref("extensions.500480f581ac3.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
user_pref("extensions.5055dd0134134.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.5055de952cf7e.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.50578b105bdc9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.incredibar.actvtyRptTime", "1363281030052");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "US");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.dfltlng", "EN");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.did", "10650");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "0961306DAA5BB98513D1C1628BCBCDB5");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "7c4e86d40000000000001c659d610155");
user_pref("extensions.incredibar.id", "7c4e86d40000000000001c659d610155");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15537");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlday", "15537");
user_pref("extensions.incredibar.instlref", "");
user_pref("extensions.incredibar.isDcmntCmplt", false);
user_pref("extensions.incredibar.isdcmntcmplt", "false");
user_pref("extensions.incredibar.keywordurl", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1417:09:22");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.newtab", "false");
user_pref("extensions.incredibar.newtaburl", "");
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "88%5F2");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.prtnrid", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.smplgrp", "none");
user_pref("extensions.incredibar.srch", "");
user_pref("extensions.incredibar.srchprvdr", "");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQDFQShOs&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.tlbrid", "base");
user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQDFQShOs&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6PQDFQShOs");
user_pref("extensions.incredibar.upn2n", "92543242173875372");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1417:09:22");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar.vrsnts", "1.5.11.1417:09:22");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10650");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "7c4e86d40000000000001c659d610155");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15537");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "88%5F2");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQDFQShOs&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6PQDFQShOs");
user_pref("extensions.incredibar_i.upn2n", "92543242173875372");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:09:22");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN94129836015908544&UM=&q=");
user_pref("smartBar.searchInNewTabOwner", "CT3220468");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=UN9412983601
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT
user_pref("smartbar.machineId", "EY9WE9TG33IBZL0XMWRY54/CNZCI+S1PSAWBGYW7UU0CPTSFKCT2SDOTMTAEVIQUPJNIRN0KKPG1X065BP3W5G");
user_pref("smartbar.originalHomepage", "hxxp://www.searchnu.com/406");
user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=");
user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
user_pref("browser.search.defaultengine", "Privitize VPN");
Emptied folder: C:\Users\Alexa\AppData\Roaming\mozilla\firefox\profiles\tmnjr2nb.default\minidumps [51 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Alexa\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/16/2013 at 11:16:09.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 16th, 2013, 12:30 pm

SystemLook File

-----------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 11:21 on 16/03/2013 by Alexa
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\Users\Alexa\AppData\Local\Microsoft\Internet Explorer\DOMStore\RO42B1U9\www.searchnu[1].xml --a---- 13 bytes [21:09 16/07/2012] [21:09 16/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Alexa\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FHKCUCOA\www.searchnu[1].xml --a---- 13 bytes [19:48 18/05/2012] [19:48 18/05/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Searchqu*"
C:\Users\Alexa\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12

Searching for "*iLivid*"
C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage --a---- 3072 bytes [13:53 19/10/2012] [18:59 12/02/2013] 8AAC6FBFA5261C6D62F113E87F2FCB6F
C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal --a---- 3608 bytes [13:53 19/10/2012] [18:59 12/02/2013] 01A17F8ED78368F794B288D693781AFA

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=283&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA69EA2C-C86E-42A2-B738-4609731B4779}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 16th, 2013, 12:35 pm

OTL logfile created on: 3/16/2013 11:54:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 48.39% Memory free
7.61 Gb Paging File | 4.48 Gb Available in Paging File | 58.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 295.22 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
Drive F: | 7.54 Gb Total Space | 0.66 Gb Free Space | 8.80% Space Free | Partition Type: FAT32

Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/16 11:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
PRC - [2013/03/10 20:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/19 01:36:02 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/18 07:20:07 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Alexa\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/23 21:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2012/04/12 14:35:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/14 13:02:58 | 021,975,120 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/06 10:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/06/08 11:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 11:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 17:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 17:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 15:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 20:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/14 00:10:10 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b362975753a31559874bea5609e59c\System.Deployment.ni.dll
MOD - [2013/02/13 23:40:51 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/13 23:40:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/13 23:40:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/13 18:19:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/09 17:10:16 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/01/09 17:07:03 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\e6a6e2678f6215574be155e9088c1a01\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/01/09 17:07:02 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013/01/09 17:07:02 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/01/09 17:06:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 17:06:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/09 17:06:30 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/01/09 17:06:29 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 17:06:24 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013/01/09 17:05:42 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/09 17:00:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 17:00:29 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll
MOD - [2013/01/09 16:45:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 16:44:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 16:44:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 16:43:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 16:43:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 16:43:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 16:43:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 16:43:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 15:11:27 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/09 15:11:10 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/09 15:10:58 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 15:10:57 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 15:10:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 15:10:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/09 15:10:49 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 15:10:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 15:10:44 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 15:10:37 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/06/28 08:21:42 | 009,905,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2010/06/28 08:21:42 | 007,793,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2010/06/28 08:21:42 | 002,530,304 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
MOD - [2010/06/28 08:21:42 | 002,094,592 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2010/06/28 08:21:42 | 001,116,160 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2010/06/28 08:21:42 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2010/06/28 08:21:42 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2010/06/28 08:21:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2010/06/28 08:21:42 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 01:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/14 16:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 16:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2010/02/03 02:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/04/24 02:40:48 | 000,660,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/12 18:27:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 02:26:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/19 01:36:02 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/12 14:43:07 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/11/20 13:41:34 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/06/08 11:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/14 16:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 17:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 17:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 01:36:02 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/18 16:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/28 17:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 14:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/18 01:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 11:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/30 15:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 15:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 15:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 15:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 15:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 17:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 17:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/03/17 17:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 02:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 02:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 02:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/16 15:18:26 | 000,007,808 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/03/08 07:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN139&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN139&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes\{5AFC6887-7073-E6CD-E685-A65EBB910758}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z126&form=ZGAIDF&install_date=20110901&iesrc={referrer:source}
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes\{724F9E74-36AF-46D8-9102-8069887F5BB1}: "URL" = http://websearch.ask.com/custom/java/re ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes\{E32AC25B-A8FA-443C-A7F0-914368E0701C}: "URL" = http://isearch.avg.com/search?cid={AEC5B16A-75BF-4845-A14E-F3A335E50543}&mid=1a2e090c5c5447d1b4732104e46e0a6f-5e4811d01070b3143641e5e5d76ba869576ce966&lang=en&ds=AVG&pr=pr&d=2012-03-09 20:10:25&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: %7B7473b6bd-4691-4744-a82b-7854eb3d70b6%7D:10.14.370.524
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alexa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alexa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/11/22 15:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/16 03:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/16 03:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/26 18:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/06 13:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 01:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/07 12:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/03/04 17:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 02:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 02:26:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/26 18:23:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 02:26:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 02:26:49 | 000,000,000 | ---D | M]

[2012/05/18 16:11:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Extensions
[2013/03/16 11:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions
[2013/01/28 16:44:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/07 13:44:11 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\extensions\500480f581a37@500480f581a70.info
[2012/09/16 11:30:31 | 000,002,089 | ---- | M] () -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\searchplugins\Startpins.xml
[2013/03/08 02:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 02:26:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 02:26:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/19 01:37:51 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/01/11 15:27:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/20 11:28:40 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={AEC5B16A-75BF-4845-A14E-F3A335E50543}&mid=1a2e090c5c5447d1b4732104e46e0a6f-5e4811d01070b3143641e5e5d76ba869576ce966&lang=en&ds=AVG&pr=pr&d=2012-03-09 20:10:25&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: http://search.conduit.com/?CUI=UN353667 ... hSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.14.251.3_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.14.251.3_0\plugins/np-cwmp.dll
CHR - plugin: Conduit Chrome Approve TB Plugin (Enabled) = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.14.251.3_0\plugins/ChromeApproveTBPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Alexa\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alexa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: DivX HiQ = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Skype Click to Call = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/14 13:19:21 | 000,000,849 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [MacroKeyManager] C:\Windows\SysNative\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [Akamai NetSession Interface] C:\Users\Alexa\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe (Support.com, Inc.)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [Facebook Update] C:\Users\Alexa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{603B196F-5E17-4C15-B0C1-4B8572257C10}: DhcpNameServer = 192.168.36.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\Shell - "" = AutoRun
O33 - MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/16 11:52:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/16 10:53:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/16 10:53:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/16 10:48:25 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Alexa\Desktop\JRT (1).exe
[2013/03/16 10:40:18 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{82C2D0BB-DDA1-4C48-B78D-4A649E9058E9}
[2013/03/16 10:08:05 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/16 10:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/03/16 10:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/03/15 11:40:03 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{0306B1BC-5A23-467E-84C0-E04757513CBF}
[2013/03/15 03:06:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/15 03:06:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/15 03:06:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/15 03:05:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/15 03:05:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/15 03:05:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/15 03:05:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/15 03:05:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/15 03:05:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/15 03:05:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/15 03:05:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/15 03:05:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/15 03:05:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/15 03:05:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/15 03:05:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/14 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{56D8AFCE-2602-4C87-BDAD-9AE554E1E1FF}
[2013/03/14 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{DF6573D2-9AED-45DA-8B30-EA81DA2CF373}
[2013/03/14 03:01:15 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/03/09 11:29:21 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{A0C721F7-A6FE-4DB7-9E1D-05197986B0D4}
[2013/03/08 02:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/06 13:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/04 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Adobe Acrobat XI Pro
[2013/03/04 16:57:45 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/04 16:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2013/03/02 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{34EC9123-1C29-4687-B1DE-48574C75F78B}
[2013/02/27 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{893DF2CF-AF31-45FD-AE20-4F653A7324E5}
[2013/02/26 01:51:46 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{B1385A02-4364-4CCB-A028-A55B43062750}
[2013/02/23 14:39:37 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{A30A6C05-BFF9-48EC-BC9F-578F834F1320}
[2013/02/22 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/22 17:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/21 14:48:37 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{4D88B45F-F3E3-4845-87D2-6BBBA59AD6EF}
[2013/02/20 09:35:45 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{F5F34313-129C-4061-924E-B6AED3403710}
[2013/02/19 08:35:02 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Roaming\TuneUp Software
[2013/02/17 14:06:27 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{138430E4-5A94-45F9-BD00-263BC30CFBB8}
[2013/02/14 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{DD3FDC8F-AE9B-4C1E-B731-05D06D135900}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/16 11:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe
[2013/03/16 11:51:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-982022550-2211653999-1971989902-1000UA.job
[2013/03/16 11:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/16 11:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-982022550-2211653999-1971989902-1000UA.job
[2013/03/16 11:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/16 10:48:26 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Alexa\Desktop\JRT (1).exe
[2013/03/16 10:45:48 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 10:45:48 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 10:35:26 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/16 10:35:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/16 10:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/16 10:35:08 | 3062,906,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/16 10:11:19 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ALEXA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/03/16 10:07:17 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/16 10:04:41 | 000,780,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/16 10:04:41 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/16 10:04:41 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/16 08:37:03 | 113,515,962 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/03/15 20:32:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-982022550-2211653999-1971989902-1000Core.job
[2013/03/15 17:51:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-982022550-2211653999-1971989902-1000Core.job
[2013/03/15 15:02:23 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2013/03/14 18:58:44 | 001,010,488 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/03/14 14:33:08 | 297,072,646 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/14 13:19:21 | 000,000,849 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/13 23:34:24 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2013/03/13 10:51:17 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Alexa.job
[2013/03/13 08:36:40 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 18:27:23 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 18:27:23 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/09 11:24:06 | 004,991,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/06 13:17:30 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013/03/04 17:53:43 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013/03/04 17:53:43 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/03/04 16:57:26 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/02/27 02:53:04 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/27 02:53:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/22 17:21:39 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/19 01:36:02 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/18 07:20:08 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/16 10:11:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ALEXA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/03/16 10:07:17 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/04 17:53:43 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013/03/04 17:53:43 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013/03/04 17:53:43 | 000,002,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013/03/04 17:53:43 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/03/04 17:53:42 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013/03/04 16:57:26 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/03/04 16:57:26 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/01/14 10:42:02 | 000,001,071 | ---- | C] () -- C:\Users\Alexa\Malwarebytes Anti-Malware.lnk
[2012/11/08 18:16:35 | 000,000,132 | ---- | C] () -- C:\Users\Alexa\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/13 09:24:47 | 000,753,152 | ---- | C] () -- C:\Windows\is-L20TM.exe
[2012/01/07 06:34:58 | 000,000,132 | ---- | C] () -- C:\Users\Alexa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/28 18:22:28 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/08/26 17:54:56 | 000,206,951 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/24 17:35:06 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/07/24 17:35:06 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/07/24 17:35:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/07/24 17:35:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/07/24 17:35:05 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/07/24 17:35:05 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/07/24 17:35:05 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/07/24 17:35:05 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/07/24 17:35:05 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/07/24 17:35:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/07/24 17:35:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/07/24 17:35:04 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/07/24 17:35:04 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/07/24 17:35:04 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/07/24 17:35:04 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/07/24 17:35:04 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/07/24 17:35:04 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/07/24 17:35:04 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2011/07/24 17:35:04 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/07/24 17:35:03 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/07/24 17:35:03 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/07/24 17:34:36 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011/07/24 17:34:36 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011/06/09 13:06:53 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/09 13:06:53 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/26 18:12:14 | 000,008,118 | ---- | C] () -- C:\Windows\aiptbl.ini
[2011/03/02 21:38:30 | 000,009,216 | ---- | C] () -- C:\Users\Alexa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 16:06:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2010/12/25 16:06:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010/12/25 16:06:31 | 000,000,268 | RH-- | C] () -- C:\Users\Alexa\AppData\Roaming\Classical
[2010/12/25 16:06:31 | 000,000,268 | RH-- | C] () -- C:\Users\Alexa\AppData\Roaming\Classic Thick
[2010/12/25 16:06:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/12/25 16:06:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/12/25 16:06:30 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010/12/25 16:06:30 | 000,000,268 | RH-- | C] () -- C:\Users\Alexa\AppData\Roaming\Chorus
[2010/12/25 16:06:30 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/12/25 16:02:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/12/25 15:42:07 | 000,000,268 | RH-- | C] () -- C:\Users\Alexa\AppData\Roaming\CIOSupport
[2010/12/25 15:42:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Carbon
[2010/12/25 15:42:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/20 15:30:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/20 13:41:27 | 000,103,784 | ---- | C] () -- C:\Users\Alexa\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/09 21:11:00 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\AVG2012
[2010/12/01 19:52:38 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/04 16:57:45 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/02/13 00:31:19 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\FrostWire
[2013/01/28 16:44:54 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Garmin
[2012/12/05 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\HTC
[2010/12/03 13:36:06 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Jane s Hotel 3
[2011/01/16 03:00:03 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Local
[2013/02/13 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Nico Mak Computing
[2010/12/25 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Nikon
[2011/08/31 22:26:08 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\ooVoo Details
[2011/06/02 18:49:51 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\PCDr
[2012/10/29 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Sammsoft
[2012/05/06 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\SoftGrid Client
[2010/12/01 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/22 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\TP
[2013/02/19 08:35:02 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\TuneUp Software
[2012/07/08 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\TuneUpMedia
[2013/03/14 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\uTorrent
[2013/01/06 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\WildTangent
[2013/01/31 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/31 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 16th, 2013, 12:37 pm

OTL Extras logfile created on: 3/16/2013 11:54:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alexa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 48.39% Memory free
7.61 Gb Paging File | 4.48 Gb Available in Paging File | 58.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 295.22 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
Drive F: | 7.54 Gb Total Space | 0.66 Gb Free Space | 8.80% Space Free | Partition Type: FAT32

Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{293DA36B-B868-4C3F-A21F-B0A5457F7454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3566DB8C-9AAA-4546-95DB-81F98C969A06}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{35EC89FF-B056-4440-AC96-248CD37C5E10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{40050706-4FB3-4DDB-A460-5A1866AA9A0B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{47EA7A4C-D0FF-4BC4-9526-98C53FBFB54E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C5AC098-61D5-45E9-8655-59CAA75B2870}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5125423B-6820-4E3A-B791-BB58D95AA9FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{52753C66-B773-4E51-AA72-5C5EC7263F3F}" = lport=137 | protocol=17 | dir=in | app=system |
"{5D6234A3-DA3C-4A0C-9D56-E930248E6AB5}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D7D94FE-7659-47EA-99AE-1A711D49FF10}" = rport=10243 | protocol=6 | dir=out | app=system |
"{657737F5-C1E3-43EF-9E4F-7821A8AF32FA}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface |
"{6CBF036B-45E6-4187-B8D0-7B1326DEF232}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6E33DC38-F5F2-41D9-990F-73122813EF99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77AC2445-C13D-4A59-9E9D-10F52DC638B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F9C750D-402B-4A7E-B60D-3B2AB1404796}" = lport=138 | protocol=17 | dir=in | app=system |
"{86B75550-DDEB-4CA4-A5CB-B0396C8EE5EF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CAEBB3E-BE7B-47B1-8EC6-5C48443AA167}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E9257F4-89AD-4FBD-A71A-F5E923CB226E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A1F492C5-9E23-4426-B496-8A33FA56CC02}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A592FE78-3258-49FF-A453-0826C161057C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A718E530-F4EC-42D1-AEE4-71B3F8285208}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A81E3397-E4C9-4697-9A74-AF22BC9D95E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{B61166D4-971A-45F3-9A3F-A15769752DC4}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9637B87-48EE-40DA-89B6-88F6B49DADAC}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAF506B3-93BF-407B-AF06-3E14AD439BE0}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB1313D6-91D0-49F3-A30C-681370D02E38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDB0E935-CA2F-4153-86C0-60957F627A1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D610163E-656D-4432-82F5-A0E87396B96D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB4546C1-0C06-4A73-B4B5-3340DA18347F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEC2FEAE-6B9F-4281-8926-F2F4DD1BBB55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6614AFC-7326-4F80-A567-449F2BF3BCC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B92260-0CDA-4076-8E79-AA93304C4C04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1712CE80-22AD-4FB0-9D9F-11167DBB4F47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A3B5059-EC17-4836-984D-5B1C84B74930}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1D6C3447-FA90-48D4-9A89-423EF3F138AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E4C4810-64C1-4E7C-A9A4-53D02034DB41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{260E4C8D-1E42-4C9F-8AA7-BA5E7DDBD710}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{26BB560E-8F77-46C0-9B89-DF249BF1DF19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A4E94A1-D6C0-4899-B4EB-8DE178F16CB2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CE17A9F-4F7D-4D14-A8A0-7A647598F7F7}" = protocol=17 | dir=in | app=c:\users\alexa\appdata\local\akamai\netsession_win.exe |
"{37BD6EA6-ECFD-48AD-9267-7F5380708BF4}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{45D0DA2F-DEF3-450C-B064-B420ADB2794F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A5316FE-0205-4D7D-A31A-05B9A248E07E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C5F313A-33C8-4ECD-8525-388A58DEFB07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C9F8E96-1C5E-4511-8809-A8E4BA9C3A21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5039C749-2AD7-449B-8F7D-5274E561644A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51783013-DC0C-4017-8DA5-A82CFD31C79D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{518464FF-F7F2-4806-8457-C74431C8F744}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{52FF62BC-EF21-41F0-822C-F94D21C7087A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{53404822-CC63-4253-8FB6-0EED878A71F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{552086D3-FA5D-4C6B-8242-19FE11ED53AD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{55443DFC-5AEC-4062-9783-7922D9074B8E}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{56CB9070-310F-4CB7-BAE8-BD0D8F542CCC}" = dir=in | app=d:\setup\hpznui40.exe |
"{61EAD5AE-DDD3-4525-86CA-6972277E1A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{643314DA-66A4-4E50-8C0E-4DB5ED5EB3B8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{704CF538-46A9-4F66-AFE9-87CD3D4A768B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{71CE01CB-F0F1-44BD-935D-B5A98EDDC0D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B296288-8908-4751-BDC0-A7C6360E8B90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7DE2E62B-CC9B-4676-A7F8-B27218AC8762}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7ED4ED3C-062F-461E-A1D5-5940F540C85D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7EED84E8-11CF-4732-BAA3-8D502482A3F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7FC268AC-9A40-4C0F-8F7F-E5E063939378}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{826E3659-C18D-42A1-99AB-1BC2AFDF84F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{87ED29AC-5ECB-4DC5-838E-028987E4FD38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{881F7FAC-F01E-4D37-92D1-96DD69801DA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8973C79A-5301-498E-8F52-1106BB0100CC}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{96223B6A-0EC1-4EFD-BC00-18C96005DCAC}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{96C11DA9-F2B2-4595-92B1-4ED48BE31295}" = dir=in | app=c:\users\alexa\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A83610A9-4FB3-44F0-9C26-A4D00A30E30C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A97A07CA-5962-4ACE-807A-7F0E681D913E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA246009-0453-4D95-9335-47FA713EF0D1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B08E4642-B9AF-40DF-8933-BCCBBE8DBE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B11DDD34-518E-4F7C-B71E-9C8E7F577CC1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CCF5D02B-EED1-4341-96A9-76360413971A}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{CE7D06DD-12EC-4E4E-B1B1-B06C1B3AE700}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D0C607A3-6B73-4FF6-9C07-2195D445600B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D7A89CB9-CBA9-4036-A941-E187B49E1D3A}" = protocol=6 | dir=out | app=system |
"{ECEBEB94-AC53-4140-B3CF-8B09CC3EFAA0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F368FB64-2CFC-4A1B-A9A4-E40F42AD524F}" = protocol=6 | dir=in | app=c:\users\alexa\appdata\local\akamai\netsession_win.exe |
"{F70BD015-DCCD-47D1-87AD-BCC003C6F3A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FBD64336-7CFE-4BB2-B700-854110FDAF6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{74CE920E-E5CA-4BB9-9E31-72EADD49F5D5}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A8C6B3B5-048F-4FEA-8C00-778F24DB0849}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{D4FF9AD6-4D9F-4F5C-8931-BC7E3012C8D4}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{F8ECD5F6-A99B-4546-9C32-4C1CAB7740B0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"ARO 2012_is1" = ARO 2012
"AVG" = AVG 2012
"DW WLAN Card Utility" = DW WLAN Card Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"WxDFast" = WxDFast

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" = wxDownload
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface Service
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HP Photo Creations" = HP Photo Creations
"InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PROR" = Microsoft Office Professional 2007
"RealPlayer 15.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 4.6
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TuneUpMedia" = TuneUp Companion 2.1.1
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Veoh Web Player Beta" = Veoh Web Player
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer
"WTA-126e9c62-bdc6-465b-8dcf-a710ed474b08" = Jane's Hotel Mania
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/16/2013 11:50:23 AM | Computer Name = Alexa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/16/2013 11:50:24 AM | Computer Name = Alexa-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Broadcom Wireless LAN Events ]
Error - 12/28/2012 10:47:08 AM | Computer Name = Alexa-PC | Source = WLAN-Tray | ID = 0
Description = 09:46:35, Fri, Dec 28, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 12/29/2010 11:05:28 AM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/29/2010 11:05:28 AM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/29/2010 7:01:00 PM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/29/2010 7:01:00 PM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/31/2010 2:41:13 AM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/31/2010 2:41:13 AM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/15/2011 5:50:20 PM | Computer Name = Alexa-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 3/14/2012 7:31:28 PM | Computer Name = Alexa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18862
seconds with 60 seconds of active time. This session ended with a crash.


< End of report >
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 16th, 2013, 12:41 pm

One last think I forgot to mention. When the OTL program was running an error came up asking us to insert a disk into a drive... And I did not write down the error like an idiot. I am pretty sure it was c:\harddrive\dr2 ... we could not click try again or continue .. we had to click cancel for the program to continue its scan. I hope the log show it.

Rob
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby Gary R » March 16th, 2013, 2:07 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\Users\Alexa\AppData\Local\Microsoft\Internet Explorer\DOMStore\RO42B1U9\www.searchnu[1].xml
C:\Users\Alexa\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FHKCUCOA\www.searchnu[1].xml
C:\Users\Alexa\AppData\Local\Temp\searchqutoolbar-manifest.xml 
C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage8AAC6FBFA5261C6D62F113E87F2FCB6F
C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal
C:\Users\Alexa\AppData\Roaming\FrostWire
C:\Users\Alexa\AppData\Roaming\uTorrent

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe]
[-HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA69EA2C-C86E-42A2-B738-4609731B4779}]
"AppPath"=-
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q= {searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN139&keywords= {searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q= {searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN139&keywords= {searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = http://www.questscan.com/?prt=QUESTSCAN139&keywords= {searchTerms}
IE - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\SearchScopes\{724F9E74-36AF-46D8-9102-8069887F5BB1}: "URL" = http://websearch.ask.com/custom/java/re ... &src=kw&q= {searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
[2012/09/16 11:30:31 | 000,002,089 | ---- | M] () -- C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\searchplugins\Startpins.xml
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-982022550-2211653999-1971989902-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O33 - MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\Shell - "" = AutoRun
O33 - MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2013/03/14 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{56D8AFCE-2602-4C87-BDAD-9AE554E1E1FF}
[2013/03/14 10:44:02 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{DF6573D2-9AED-45DA-8B30-EA81DA2CF373}
[2013/03/09 11:29:21 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{A0C721F7-A6FE-4DB7-9E1D-05197986B0D4}
[2013/03/02 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{34EC9123-1C29-4687-B1DE-48574C75F78B}
[2013/02/27 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{893DF2CF-AF31-45FD-AE20-4F653A7324E5}
[2013/02/26 01:51:46 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{B1385A02-4364-4CCB-A028-A55B43062750}
[2013/02/23 14:39:37 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{A30A6C05-BFF9-48EC-BC9F-578F834F1320}
[2013/02/21 14:48:37 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{4D88B45F-F3E3-4845-87D2-6BBBA59AD6EF}
[2013/02/20 09:35:45 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{F5F34313-129C-4061-924E-B6AED3403710}
[2013/02/17 14:06:27 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{138430E4-5A94-45F9-BD00-263BC30CFBB8}
[2013/02/14 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Alexa\AppData\Local\{DD3FDC8F-AE9B-4C1E-B731-05D06D135900}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Let me know how the computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 17th, 2013, 1:58 pm

OTL Fix Log.
Once again when we ran the OTL.exe we got the error.
no disk in drive
please insert disk into drive
\device\harddisk2\dr2

We hit Cancel and the program ran fine.


All processes killed
========== FILES ==========
C:\Users\Alexa\AppData\Local\Microsoft\Internet Explorer\DOMStore\RO42B1U9\www.searchnu[1].xml moved successfully.
C:\Users\Alexa\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FHKCUCOA\www.searchnu[1].xml moved successfully.
C:\Users\Alexa\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
File\Folder C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage8AAC6FBFA5261C6D62F113E87F2FCB6F not found.
C:\Users\Alexa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Alexa\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Alexa\AppData\Roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iLivid.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA69EA2C-C86E-42A2-B738-4609731B4779}\\AppPath deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Trolltech\ not found.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C}\ not found.
Registry key HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Microsoft\Internet Explorer\SearchScopes\{724F9E74-36AF-46D8-9102-8069887F5BB1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724F9E74-36AF-46D8-9102-8069887F5BB1}\ not found.
Prefs.js: ffxtlbr%40incredibar.com:1.5.0 removed from extensions.enabledAddons
C:\Users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\tmnjr2nb.default\searchplugins\Startpins.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-982022550-2211653999-1971989902-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ade933bb-6d8c-11e1-8af8-806e6f6e6963}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7a27967-25e2-11e1-b096-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7a27967-25e2-11e1-b096-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7a27967-25e2-11e1-b096-806e6f6e6963}\ not found.
File E:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee25bee1-15e5-11e0-b327-f9242109755d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee25bee1-15e5-11e0-b327-f9242109755d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee25bee1-15e5-11e0-b327-f9242109755d}\ not found.
File E:\LaunchU3.exe -a not found.
C:\Users\Alexa\AppData\Local\{56D8AFCE-2602-4C87-BDAD-9AE554E1E1FF} folder moved successfully.
C:\Users\Alexa\AppData\Local\{DF6573D2-9AED-45DA-8B30-EA81DA2CF373} folder moved successfully.
C:\Users\Alexa\AppData\Local\{A0C721F7-A6FE-4DB7-9E1D-05197986B0D4} folder moved successfully.
C:\Users\Alexa\AppData\Local\{34EC9123-1C29-4687-B1DE-48574C75F78B} folder moved successfully.
C:\Users\Alexa\AppData\Local\{893DF2CF-AF31-45FD-AE20-4F653A7324E5} folder moved successfully.
C:\Users\Alexa\AppData\Local\{B1385A02-4364-4CCB-A028-A55B43062750} folder moved successfully.
C:\Users\Alexa\AppData\Local\{A30A6C05-BFF9-48EC-BC9F-578F834F1320} folder moved successfully.
C:\Users\Alexa\AppData\Local\{4D88B45F-F3E3-4845-87D2-6BBBA59AD6EF} folder moved successfully.
C:\Users\Alexa\AppData\Local\{F5F34313-129C-4061-924E-B6AED3403710} folder moved successfully.
C:\Users\Alexa\AppData\Local\{138430E4-5A94-45F9-BD00-263BC30CFBB8} folder moved successfully.
C:\Users\Alexa\AppData\Local\{DD3FDC8F-AE9B-4C1E-B731-05D06D135900} folder moved successfully.
C:\Windows\SysWow64\sho2908.tmp deleted successfully.
C:\Windows\SysWow64\sho80C.tmp deleted successfully.
C:\Windows\SysWow64\shoAE60.tmp deleted successfully.
C:\Windows\SysWow64\shoBB44.tmp deleted successfully.
C:\Windows\SysWow64\shoD817.tmp deleted successfully.
C:\Windows\SysWow64\shoDAD8.tmp deleted successfully.
C:\Windows\SysWow64\shoF026.tmp deleted successfully.
C:\Windows\SysWow64\shoF4B3.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexa
->Temp folder emptied: 1244676126 bytes
->Temporary Internet Files folder emptied: 756067763 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 308337557 bytes
->Google Chrome cache emptied: 317066457 bytes
->Flash cache emptied: 346776 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 806863333 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14001134 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049583 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 17909027171 bytes

Total Files Cleaned = 20,402.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_112627

Files\Folders moved on Reboot...
C:\Users\Alexa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 17th, 2013, 2:00 pm

Eset Log

Machine still running slow.


C:\torrent.exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Alexa\Alexa\Downloads\LimeWireWin(5).exe multiple threats
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480(2).exe a variant of Win32/MessengerPlus application
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application
C:\Users\Alexa\Downloads\frostwire-4.21.8.windows.exe multiple threats
C:\Users\Alexa\Downloads\GraboidVideoSetup-3.01-Complete.exe Win32/Graboid application
C:\Users\Alexa\Downloads\heroes_season_2 (1).exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\Users\Alexa\Downloads\heroes_season_2 (2).exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\Users\Alexa\Downloads\heroes_season_2.exe NSIS/TrojanDownloader.Agent.NLH trojan
C:\Users\Alexa\Downloads\Unconfirmed 39693.crdownload multiple threats
C:\Users\Alexa\Videos\Veoh\3_VeohWebPlayerSetup_upgrade_eng.exe multiple threats
C:\_OTL\MovedFiles\03172013_112627\C_Users\Alexa\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.3.windows.exe multiple threats
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby Gary R » March 17th, 2013, 3:20 pm

If you haven't already done so ... Reboot your computer.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\torrent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Users\Alexa\Alexa\Downloads\LimeWireWin(5).exe
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480(2).exe
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480.exe
C:\Users\Alexa\Downloads\frostwire-4.21.8.windows.exe
C:\Users\Alexa\Downloads\GraboidVideoSetup-3.01-Complete.exe
C:\Users\Alexa\Downloads\heroes_season_2 (1).exe
C:\Users\Alexa\Downloads\heroes_season_2 (2).exe
C:\Users\Alexa\Downloads\heroes_season_2.exe
C:\Users\Alexa\Downloads\Unconfirmed 39693.cr
C:\Users\Alexa\Videos\Veoh\3_VeohWebPlayerSetup_upgrade_eng.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.


Let me know how your computer is running now please.




.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 17th, 2013, 3:44 pm

Machine appears to be running much better. Reboots faster and programs appear to have stopped hanging.

========== FILES ==========
C:\torrent.exe moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe moved successfully.
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe moved successfully.
C:\Users\Alexa\Alexa\Downloads\LimeWireWin(5).exe moved successfully.
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480(2).exe moved successfully.
C:\Users\Alexa\Alexa\Downloads\MsgPlusLive-480.exe moved successfully.
C:\Users\Alexa\Downloads\frostwire-4.21.8.windows.exe moved successfully.
C:\Users\Alexa\Downloads\GraboidVideoSetup-3.01-Complete.exe moved successfully.
C:\Users\Alexa\Downloads\heroes_season_2 (1).exe moved successfully.
C:\Users\Alexa\Downloads\heroes_season_2 (2).exe moved successfully.
C:\Users\Alexa\Downloads\heroes_season_2.exe moved successfully.
File\Folder C:\Users\Alexa\Downloads\Unconfirmed 39693.cr not found.
C:\Users\Alexa\Videos\Veoh\3_VeohWebPlayerSetup_upgrade_eng.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_153908
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby Gary R » March 17th, 2013, 4:06 pm

OK, looks like we got everything that's been showing in your logs now.

There was also an awful lot of "temp files" on your daughter's computer (approx 20 Gigabytes of them) which we've removed, she needs to learn to empty out her temp folders from time to time so that they don't build up again.

To do this all she needs to do is ...

  • Click Start and in the Search progarmas and files box type cleanmgr then click OK.
  • This will bring up the Disk Cleanup window.
  • Check the following entries.
    • Temporary Internet Files.
    • Recycle Bin.
    • Temporary Files.
  • Click OK.
  • When a prompt pops up click Delete files.

... no need to do it now, since we've just cleaned them out.

All we need to do now is to remove the programs we've been using to clean your daughter's machine, then make it more resistant to future infection.

First

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete ...

JRT.exe
JRT.txt


Next

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Tweaking.com Registry Backup


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21864
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Blue Screen of Death, Browser Hijackers, Slow machine

Unread postby IslandGuy » March 17th, 2013, 4:21 pm

Great.... Thanks for your help.

I will try and get her to be more careful !!
IslandGuy
Regular Member
 
Posts: 18
Joined: October 19th, 2012, 11:45 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware