Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

adnxs.com redirection on links, iLivid(?) hijack


by topgreyed » April 9th, 2013, 6:27 pm

Hi,

Suddenly got redirected links on Chrome, requests to install Flash HD, lots of redirections to random websites, some words on proper websites carrying spammy links.

Computer is my trusty Samsung NC10 netbook. Have XP SP3 with Chrome, Firefox and IE installed.

Thanks in advance for help, Terry

Logs below:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Terry at 22:59:57 on 2013-04-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.777 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Outpost Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Gizmo\gservice.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\Terry\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Gizmo\gizmo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Terry\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files\pricepeep\pricepeep.dll
uRun: [Google Update] "c:\documents and settings\terry\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [SearchProtect] c:\documents and settings\terry\application data\searchprotect\bin\cltmng.exe
uRun: [GizmoDriveDelegate] "c:\program files\gizmo\gizmo.exe" /RemountStartupImages
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\terry\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\terry\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\terry\start menu\programs\startup\inv_drive_noteb.bat
StartupFolder: c:\docume~1\terry\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gizmo.lnk - c:\program files\gizmo\gizmo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8382369390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/ ... anager.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{CADAE3F1-AE1E-4B4E-9C1B-9AB22D06DECD} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... v=TB_SA&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\terry\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-20 11:18; pricepeep@getpricepeep.com; c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\extensions\pricepeep@getpricepeep.com.xpi
FF - ExtSQL: 2013-02-25 00:32; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-04-05 16:39; plugin@selectionlinks.com; c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2013-04-05 16:44; {79b8e308-95a2-4044-932d-80e833a863cc}; c:\documents and settings\terry\application data\mozilla\firefox\profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
FF - ExtSQL: !HIDDEN! 2009-11-15 14:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2011-8-20 25488]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-10-25 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2008-11-12 4300]
R2 Gizmo Central;Gizmo Central;c:\program files\gizmo\gservice.exe [2011-8-20 34728]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\samsung\samsung network manager\SNMWLANService.exe [2006-10-30 36864]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-10-25 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-10-25 257432]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-5-22 28256]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2008-11-12 238464]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-10-25 1195008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-5-22 28256]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-9-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-10-30 19840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-09 21:43:58 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa481ba0-e8f5-4880-b8ef-e47a3d92090d}\mpengine.dll
2013-04-08 22:48:16 -------- d-----w- c:\documents and settings\terry\application data\Optimizer Pro
2013-04-08 22:40:31 -------- d-----w- c:\program files\Optimizer Pro
2013-04-08 22:39:07 274432 ----a-w- c:\windows\system32\ssleay32.dll
2013-04-08 22:39:06 1122304 ----a-w- c:\windows\system32\libeay32.dll
2013-04-08 22:39:05 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-04-08 22:39:05 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-04-08 22:39:01 -------- d-----w- c:\program files\ILivid Removal Tool
2013-04-08 22:07:56 -------- d-----w- c:\documents and settings\terry\application data\SUPERAntiSpyware.com
2013-04-08 22:06:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-08 22:06:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-04-08 20:32:32 7108640 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-05 23:04:05 -------- d-----w- c:\documents and settings\terry\application data\Cool Record Edit Pro
2013-04-05 15:44:14 -------- d-----w- c:\program files\SearchProtect
2013-04-05 15:43:26 -------- d-----w- c:\documents and settings\terry\application data\SearchProtect
2013-04-05 15:42:50 -------- d-----w- c:\documents and settings\terry\application data\Free Sound Recorder
2013-04-05 15:42:03 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2013-04-05 15:42:03 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2013-04-05 15:42:02 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2013-04-05 15:42:02 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2013-04-05 15:42:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2013-04-05 15:42:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2013-04-05 15:42:00 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2013-04-05 15:42:00 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2013-04-05 15:41:59 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2013-04-05 15:41:59 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2013-04-05 15:41:57 -------- d-----w- c:\program files\Free Sound Recorder
2013-04-05 15:39:37 -------- d-----w- c:\program files\PricePeep
2013-04-05 15:39:14 -------- d-----w- c:\program files\OApps
2013-04-05 15:33:53 -------- d-----w- c:\program files\Streamripper
2013-03-29 00:35:25 -------- d-----w- c:\documents and settings\terry\application data\JAM Software
2013-03-29 00:34:56 -------- d-----w- c:\program files\JAM Software
2013-03-21 22:48:13 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-19 21:30:46 6066296 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-12 23:45:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 23:45:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-05 23:15:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 23:15:03 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-05 23:15:01 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-05 23:15:00 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 15:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 23:01:33.13 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 22/02/2009 03:25:01
System Uptime: 08/04/2013 21:19:11 (26 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1596/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 9.855 GiB free.
D: is FIXED (NTFS) - 72 GiB total, 35.425 GiB free.
Q: is FIXED (NTFS) - 71 GiB total, 9.855 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP605: 07/03/2013 23:35:03 - System Checkpoint
RP606: 08/03/2013 01:08:02 - Software Distribution Service 3.0
RP607: 09/03/2013 17:40:13 - Software Distribution Service 3.0
RP608: 10/03/2013 22:32:42 - Software Distribution Service 3.0
RP609: 12/03/2013 08:47:45 - Software Distribution Service 3.0
RP610: 12/03/2013 20:34:02 - Software Distribution Service 3.0
RP611: 13/03/2013 09:04:28 - Software Distribution Service 3.0
RP612: 15/03/2013 11:54:06 - Software Distribution Service 3.0
RP613: 17/03/2013 16:07:20 - Software Distribution Service 3.0
RP614: 19/03/2013 07:27:44 - Software Distribution Service 3.0
RP615: 20/03/2013 10:34:42 - Software Distribution Service 3.0
RP616: 21/03/2013 22:59:47 - Software Distribution Service 3.0
RP617: 21/03/2013 23:42:18 - Software Distribution Service 3.0
RP618: 22/03/2013 23:08:31 - Software Distribution Service 3.0
RP619: 24/03/2013 08:22:16 - Software Distribution Service 3.0
RP620: 25/03/2013 09:33:23 - Software Distribution Service 3.0
RP621: 26/03/2013 11:10:55 - Software Distribution Service 3.0
RP622: 27/03/2013 20:26:40 - Software Distribution Service 3.0
RP623: 29/03/2013 00:26:25 - Software Distribution Service 3.0
RP624: 30/03/2013 08:21:33 - Software Distribution Service 3.0
RP625: 01/04/2013 14:56:33 - Software Distribution Service 3.0
RP626: 02/04/2013 15:51:43 - Software Distribution Service 3.0
RP627: 04/04/2013 00:19:29 - Software Distribution Service 3.0
RP628: 05/04/2013 01:04:35 - System Checkpoint
RP629: 05/04/2013 16:00:08 - Software Distribution Service 3.0
RP630: 07/04/2013 19:15:58 - Software Distribution Service 3.0
RP631: 08/04/2013 21:32:22 - Software Distribution Service 3.0
RP632: 09/04/2013 22:43:48 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
6300
6300_Help
6300Trb
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
Alleycode HTML Editor 2.2.0
Apple Application Support
Apple Software Update
Artisteer 2
Atheros WLAN Client
Audacity 2.0
AVG 2011
BlueJ
BufferChm
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
CutePDF Writer 2.8
Destinations
DeviceManagementQFolder
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Dropbox
Easy Display Manager
eSupportQFolder
Fax_CDA
Free Download Manager 3.9.2
Free Sound Recorder v9.4.1
FullDPAppQFolder
GIMP 2.6.8
Gizmo Central
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
hp deskjet 5550 series
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ILivid Removal Tool
imagine digital freedom - Samsung
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
IZArc 4.1
J2SE Runtime Environment 5.0
Java 7 Update 17
Java Access Bridge 2.0.2
Java Auto Updater
Java SE Development Kit 7 Update 5
Java(TM) 6 Update 22
Java(TM) 6 Update 39
JavaFX 2.1.1
JavaFX 2.1.1 SDK
LAME v3.99.3 (for Windows)
M250 JDK 7 documentation
M250 Microworlds
M250 OU Class Library Documentation
M250 OUWorkspace
Magic Keyboard
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Image Composite Editor
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0.2 (x86 en-GB)
Mp3tag v2.54
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Namuga 1.3M Webcam
NewCopy_CDA
Nokia Connectivity Cable Driver
Nokia PC Suite
OCR Software by I.R.I.S 7.0
OpenOffice.org 3.3
Optimizer Pro v3.0
Outpost Firewall 2009
PanoStandAlone
PC Connectivity Solution
PDF-Viewer
PhotoGallery
Play Camera
ProductContextNPI
QuickBooks SimpleStart Free Starter Edition
QuickTime
RandMap
Readme
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Media Catcher 4 (4.4.5)
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Network Manager 2.0
Samsung Recovery Solution III
Samsung Wallpaper
Scan
ScannerCopy
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SelectionLinks
SkinsHP1
Skype Click to Call
Skype™ 6.2
SlideShow
SolutionCenter
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 8
Spotify
Status
Streamripper (Remove only)
SUPERAntiSpyware
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Toolbox
TrayApp
TreeSize Free V2.7
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.1
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
XAMPP 1.7.4
yBook
.
==== Event Viewer Messages From Past Week ========
.
09/04/2013 22:26:44, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CADAE3F1-AE1E-4B4E-9C1B-9AB22D06DECD} because another computer on the network has the same name. The server could not start.
09/04/2013 22:26:38, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
09/04/2013 10:26:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
09/04/2013 10:25:40, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SNM WLAN Service service.
09/04/2013 01:59:27, error: Service Control Manager [7034] - The Agnitum Client Security Service service terminated unexpectedly. It has done this 4 time(s).
09/04/2013 01:50:52, error: Service Control Manager [7031] - The Agnitum Client Security Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
09/04/2013 01:45:45, error: Service Control Manager [7031] - The Agnitum Client Security Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
09/04/2013 01:42:55, error: Service Control Manager [7031] - The Agnitum Client Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
08/04/2013 21:29:34, error: Print [6161] - The document Microsoft Word - FH1303028.doc owned by Terry failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 2752512. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\TJD-NETBOOK. Win32 error code returned by the print processor: 6 (0x6).
07/04/2013 19:00:53, error: Print [19] - Sharing printer failed + 1722, Printer HP LaserJet 6MP Network share name Printer3.
05/04/2013 16:45:33, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
.
==== End Of File ===========================

topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm

Re: adnxs.com redirection on links, iLivid(?) hijack

Unread postby nunped » April 10th, 2013, 1:54 pm

Hello topgreyed, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: adnxs.com redirection on links, iLivid(?) hijack

Unread postby topgreyed » April 11th, 2013, 4:05 am

Thank you nunped,

I'll look out for your next instructions...

Terry
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm

Re: adnxs.com redirection on links, iLivid(?) hijack

Unread postby nunped » April 11th, 2013, 4:55 pm

Hi topgreyed,

Warning!
You have P2P (Peer to Peer) File Sharing Programs installed on your computer.
uTorrent

As long as you have the P2P program installed, we won't offer you any further assistance. See Forum Policy

If you choose NOT to remove the program, indicate that in your next reply and this topic will be closed.

Else, proceed to the next steps:

Step 1 - Remove Program Using Control Panel
From Start, Settings, Control Panel click Add/Remove Programs, and uninstall the programs:

µTorrent
AVG 2011
ILivid Removal Tool
Java(TM) 6 Update 22
Java(TM) 6 Update 39
Optimizer Pro v3.0
Search Protect by conduit
SelectionLinks


Step 2 - Junkware Removal Tool
  1. Please download jrt.exe by thisisu and save it to your desktop. Alternate download here.
  2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
  3. Right-click jrt.exe and select "Run as Administrator"
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  4. Please copy and paste the contents of JRT.txt and post in your next reply.

Step 3 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Double click OTL.exe (or OTL.com or OTL.scr) to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: adnxs.com redirection on links, iLivid(?) hijack

Unread postby topgreyed » April 12th, 2013, 11:56 am

Hallo nunped,

I uninstalled all the programs requested but had a problem with AVG 2011 as it's definitely not listed on 'Add or Remove Programs'. I ran the tools anyway - results are below.

Results go over character limit for message, so I'll send a second posting with 'Extras.txt'

Many thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Terry on 12/04/2013 at 0:36:00.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\free download manager
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricepeep
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricepeep.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricepeep.pricepeepbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricepeep.pricepeepbho.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\pricepeep"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\4xeua7a1.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\4xeua7a1.default\extensions\pricepeep@getpricepeep.com.xpi
Successfully deleted: [Folder] C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\4xeua7a1.default\smartbar
Successfully deleted the following from C:\Documents and Settings\Terry\Application Data\mozilla\firefox\profiles\4xeua7a1.default\prefs.js

user_pref("CT3282722.1000082.isPlayDisplay", "true");
user_pref("CT3282722.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description\":\"Classic Rock\",\"url\":\"hxxp://www.gotradio.com/player/launch.asp?id=
user_pref("CT3282722.3282722a130039643157408893000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzY1NDU4NDA2MDYwLCJ1cGRhdGVSZXNwVGltZSI6MTM2NTQ1ODQxMDg1NSwiZGF0YSI6eyJzZXR0aW5nc
user_pref("CT3282722.CT3282722ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyNDUlMjIlMkMlMjJ0aXRsZSUyMiUzQSUyMllvdSUyMGhhdmUlMjAlMjgyJTI5JTIwbG92ZSUyMG1lc3NhZ
user_pref("CT3282722.CT3282722current_term.enc", "");
user_pref("CT3282722.CT3282722sdate.enc", "OA==");
user_pref("CT3282722.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3282722.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3282722.FF19Solved", "true");
user_pref("CT3282722.FirstTime", "true");
user_pref("CT3282722.FirstTimeFF3", "true");
user_pref("CT3282722.PG_ENABLE", "ZmFsc2U=");
user_pref("CT3282722.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vMjIvMzI4L0NUMzI4MjcyMi9TaGFyaW5nL3RlbXAvNjM0NDQyNDUyMzYyMDE4ODI5XzI0
user_pref("CT3282722.RSSapp3282722a130039643157408893000000embeddedVersion.enc", "Mi40LjA=");
user_pref("CT3282722.RSSapp3282722a130039643157408893000000lastReportTime.enc", "MTM2NTQ1ODQzNjEyMCA=");
user_pref("CT3282722.RSSapp3282722a130039643157408893000000newFeeds.enc", "bmV3RmVlZHM=");
user_pref("CT3282722.UserID", "UN13156612163070362");
user_pref("CT3282722.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3282722.addressUrlXPETakeover", "true");
user_pref("CT3282722.autoDisableScopes", -1);
user_pref("CT3282722.defaultSearch", "false");
user_pref("CT3282722.embeddedsData", "[{\"appId\":\"130039643153976796\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3282722.enableAlerts", "true");
user_pref("CT3282722.enableFix404ByUser", "FALSE");
user_pref("CT3282722.enableSearchFromAddressBar", "true");
user_pref("CT3282722.firstTimeDialogOpened", "true");
user_pref("CT3282722.fixPageNotFoundError", "true");
user_pref("CT3282722.fixPageNotFoundErrorByUser", "true");
user_pref("CT3282722.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3282722.fixUrls", true);
user_pref("CT3282722.installDate", "5/4/2013 16:43:22");
user_pref("CT3282722.installId", "conduitinstaller.exe");
user_pref("CT3282722.installType", "conduitnsisintegration");
user_pref("CT3282722.installUsage", "2013-04-09T01:00:57.9124483+03:00");
user_pref("CT3282722.installUsageEarly", "2013-04-06T02:13:59.5223396+03:00");
user_pref("CT3282722.installerVersion", "1.3.7.3");
user_pref("CT3282722.isCheckedStartAsHidden", true);
user_pref("CT3282722.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3282722.isFirstTimeToolbarLoading", "false");
user_pref("CT3282722.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3282722.keyword", "true");
user_pref("CT3282722.lastVersion", "10.15.310.1");
user_pref("CT3282722.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3282722.migrateAppsAndComponents", true);
user_pref("CT3282722.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://FreeOnlineRad
user_pref("CT3282722.openThankYouPage", "false");
user_pref("CT3282722.openUninstallPage", "true");
user_pref("CT3282722.revertSettingsEnabled", "FALSE");
user_pref("CT3282722.search.searchAppId", "130039643153976796");
user_pref("CT3282722.search.searchCount", "0");
user_pref("CT3282722.searchInNewTabEnabledByUser", "false");
user_pref("CT3282722.searchInNewTabEnabledInHidden", "true");
user_pref("CT3282722.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3282722.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3282722.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3282722\"}");
user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreeOnlineRadioPlayerRecorderV1.OurToolbar.com//xpi\"
user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeOnlineRadioPlayerRecorder V1\"}");
user_pref("CT3282722.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1365346271880");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1365346271883");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1365346271886");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1365346271930");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-google_lastUpdate", "1365346271889");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1365346271872");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-time_lastUpdate", "1365346271926");
user_pref("CT3282722.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1365346271892");
user_pref("CT3282722.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365203651320");
user_pref("CT3282722.serviceLayer_services_appsMetadata_lastUpdate", "1365346285609");
user_pref("CT3282722.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1365346271933");
user_pref("CT3282722.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365203648214");
user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1365203640918");
user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1365458458355");
user_pref("CT3282722.serviceLayer_services_location_lastUpdate", "1365458487662");
user_pref("CT3282722.serviceLayer_services_login_10.15.310.1_lastUpdate", "1365458476816");
user_pref("CT3282722.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365203648492");
user_pref("CT3282722.serviceLayer_services_searchAPI_lastUpdate", "1365346270033");
user_pref("CT3282722.serviceLayer_services_serviceMap_lastUpdate", "1365458487399");
user_pref("CT3282722.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365203647351");
user_pref("CT3282722.serviceLayer_services_toolbarSettings_lastUpdate", "1365346285679");
user_pref("CT3282722.serviceLayer_services_translation_lastUpdate", "1365458487907");
user_pref("CT3282722.settingsINI", true);
user_pref("CT3282722.shouldFirstTimeDialog", "true");
user_pref("CT3282722.showToolbarPermission", "false");
user_pref("CT3282722.smartbar.CTID", "CT3282722");
user_pref("CT3282722.smartbar.Uninstall", "0");
user_pref("CT3282722.smartbar.isHidden", true);
user_pref("CT3282722.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder V1 ");
user_pref("CT3282722.startPage", "false");
user_pref("CT3282722.toolbarBornServerTime", "9-4-2013");
user_pref("CT3282722.toolbarCurrentServerTime", "9-4-2013");
user_pref("CT3282722.toolbarLoginClientTime", "Mon Apr 08 2013 23:00:57 GMT+0100 (GMT Daylight Time)");
user_pref("CT3282722.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY28udWsvdXJsP3NhPXQmcmN0PWomcT1pbGl2aWQlMjBicm93c2VyJTIwaGlqYWNrJnNvdXJjZT13ZWImY2Q9MSZjYWQ9cmphJnNxaT0yJnZ
user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365547395038,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN13156612163070362&UM=2&sspv=TB_SA&q=");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN13156612163070362&UM=2&sspv=TB_SA&q=");
user_pref("smartbar.machineId", "NA6TTXWY3WSGITGDMWNTAVJVQTQ9+5RAXPSHGAHOZURXZPFRU2D53ZUQS3KVOWWUR/8CRBPJBHBPCUMOCSYT5A");
user_pref("smartbar.originalSearchAddressUrl", "");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2013 at 0:55:53.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 12/04/2013 01:01:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.84% Memory free
3.33 Gb Paging File | 2.16 Gb Available in Paging File | 64.81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 11.57 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 35.42 Gb Free Space | 49.20% Space Free | Partition Type: NTFS
Drive Q: | 71.04 Gb Total Space | 11.57 Gb Free Space | 16.28% Space Free | Partition Type: NTFS

Computer Name: TJD-NETBOOK | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/12 01:00:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL\OTL.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Terry\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/03/06 00:15:07 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/25 01:30:26 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/17 00:06:36 | 006,860,288 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2012/12/14 02:44:19 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/20 10:41:31 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gservice.exe
PRC - [2011/08/20 10:40:57 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files\Gizmo\gizmo.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/03 19:18:12 | 008,133,120 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2010/10/18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/04/28 12:33:12 | 002,374,464 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe
PRC - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe
PRC - [2008/10/20 19:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/07 03:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/05/22 01:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/05/21 05:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 05:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/04/01 10:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/10/30 23:29:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/14 04:05:09 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/14 04:05:06 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:05:06 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/14 04:04:51 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/01/10 11:41:27 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/10 11:18:38 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df88c452\mscorlib.dll
MOD - [2013/01/10 11:18:28 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b5bb7f6c\system.drawing.dll
MOD - [2013/01/10 11:18:07 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_abcf56aa\system.xml.dll
MOD - [2013/01/10 11:17:53 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7e5a3d79\system.windows.forms.dll
MOD - [2013/01/10 11:17:25 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_648f7134\system.dll
MOD - [2013/01/10 11:17:04 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/10 11:17:02 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/10 11:16:59 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/12/26 09:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/08/20 10:41:33 | 000,394,656 | ---- | M] () -- C:\Program Files\Gizmo\gdrive.dll
MOD - [2011/08/20 10:41:01 | 000,166,816 | ---- | M] () -- C:\Program Files\Gizmo\gimage.dll
MOD - [2011/08/20 10:41:00 | 000,315,800 | ---- | M] () -- C:\Program Files\Gizmo\gmanager.dll
MOD - [2011/04/08 00:52:05 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/12/03 19:18:12 | 008,133,120 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
MOD - [2010/03/14 20:52:00 | 000,077,876 | ---- | M] () -- C:\xampp\apache\bin\zlib1.dll
MOD - [2010/01/20 20:15:50 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2010/01/20 20:15:45 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2010/01/20 20:15:44 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2010/01/20 20:15:42 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2010/01/20 20:15:41 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2010/01/20 20:15:41 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2010/01/20 20:15:40 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2010/01/20 20:15:40 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2010/01/20 20:15:40 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2010/01/20 20:15:39 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2010/01/20 20:15:39 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2010/01/20 20:15:39 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2010/01/20 20:15:39 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2010/01/20 20:15:39 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2010/01/20 20:15:39 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2010/01/20 20:15:39 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2010/01/20 20:15:38 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2010/01/20 20:15:37 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2010/01/20 20:15:36 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2010/01/20 20:15:36 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2010/01/20 20:15:36 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2010/01/20 20:15:35 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2010/01/20 20:15:35 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2010/01/20 20:15:35 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2010/01/20 20:15:35 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2010/01/20 20:15:35 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2010/01/20 20:15:35 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2010/01/20 20:15:35 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2010/01/20 20:15:35 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2010/01/20 20:15:34 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2010/01/20 20:15:34 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2009/11/15 15:19:03 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/11/13 02:55:18 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/04/02 15:23:54 | 000,206,848 | ---- | M] () -- C:\Program Files\Agnitum\Outpost Firewall\zlib.dll
MOD - [2008/10/20 19:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2008/04/14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/04/01 10:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2006/10/30 23:29:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006/08/12 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/07/13 01:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/13 00:45:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 00:15:07 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/07 14:54:40 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/08/20 10:41:31 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010/12/03 19:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/10/18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010/10/17 20:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2009/09/03 08:23:52 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/10 00:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/10/30 23:29:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/20 10:42:11 | 000,025,488 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gizmodrv.sys -- (GizmoDrv)
DRV - [2011/06/26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 18:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 17:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/10/08 07:35:10 | 001,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/23 21:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/27 00:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/27 09:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/01/15 04:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007/08/15 08:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/03/31 21:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007/03/23 18:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 18:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 18:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 18:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/10/30 23:29:28 | 000,019,840 | ---- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005/10/27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\SearchScopes,DefaultScope = {86052D66-604E-44E6-A1FB-3F5BCBC7A5E9}
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\SearchScopes\{86052D66-604E-44E6-A1FB-3F5BCBC7A5E9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\SearchScopes\{A59151D2-44E6-4A35-98A6-D20B0528B627}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.yhs.search.yahoo.com/avg/sear ... rome_uk&p={searchTerms}
IE - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/04/12 00:35:57 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/09 17:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/25 01:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 00:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/02 01:06:58 | 000,000,000 | ---D | M]

[2009/07/22 17:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions
[2013/04/12 00:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions
[2010/05/02 18:15:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/22 13:02:33 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/04/05 16:43:22 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder V1) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
[2012/05/22 13:02:18 | 001,335,949 | ---- | M] () (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\firebug@software.joehewitt.com.xpi
[2013/04/08 22:58:50 | 000,349,773 | ---- | M] () (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/04/12 00:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:07:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/15 08:50:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/31 09:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/19 09:36:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/17 01:22:31 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.5.7.9
[2013/02/25 01:32:08 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XEUA7A1.DEFAULT\EXTENSIONS\PLUGIN@SELECTIONLINKS.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XEUA7A1.DEFAULT\EXTENSIONS\PRICEPEEP@GETPRICEPEEP.COM.XPI
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012/04/17 01:22:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013/02/25 01:30:59 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/04/17 01:22:33 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/17 01:22:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/17 01:22:33 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/17 01:22:33 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/17 01:22:33 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Terry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MFARestart] C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gizmo.lnk = C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit UK)
O4 - Startup: C:\Documents and Settings\Terry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Terry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Terry\Start Menu\Programs\Startup\inv_drive_noteb.bat ()
O4 - Startup: C:\Documents and Settings\Terry\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8382369390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2008/11/12 00:32:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\AutoRun\command - "" = ReCYClER\\DrIVeR.EXe
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\eXPLOre\cOMMANd - "" = rECyCLeR\\DRIVEr.eXe
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\OPen\coMMaNd - "" = rECYCLEr\DrIVER.ExE
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\AutoRun\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\explore\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\open\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\Shell\AutoRun\command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\Shell\Option1\Command - "" = F:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 00:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/12 00:34:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/09 22:59:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Terry\Desktop\dds.scr
[2013/04/08 23:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/08 23:39:07 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2013/04/08 23:39:06 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2013/04/08 23:39:05 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2013/04/08 23:39:05 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2013/04/08 23:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\ILivid Removal Tool
[2013/04/06 00:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Cool Record Edit Pro
[2013/04/05 16:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\My Documents\Free Sound Recorder
[2013/04/05 16:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Free Sound Recorder
[2013/04/05 16:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Sound Recorder
[2013/04/05 16:42:03 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll
[2013/04/05 16:42:03 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2013/04/05 16:42:02 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2013/04/05 16:42:02 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2013/04/05 16:42:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2013/04/05 16:42:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2013/04/05 16:42:00 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2013/04/05 16:42:00 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2013/04/05 16:41:59 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2013/04/05 16:41:59 | 000,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2013/04/05 16:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2013/04/05 16:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Start Menu\Programs\Free Ride Games
[2013/04/05 16:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/04/05 16:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Streamripper
[2013/03/29 01:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\JAM Software
[2013/03/29 01:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TreeSize Free
[2013/03/29 01:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2013/03/25 09:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/21 23:48:13 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/12 01:06:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 00:58:20 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3421510218-3125993559-1735289115-1006UA.job
[2013/04/12 00:44:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/12 00:18:33 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3421510218-3125993559-1735289115-1006.job
[2013/04/12 00:18:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3421510218-3125993559-1735289115-1006.job
[2013/04/11 09:01:21 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Terry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 09:01:19 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Google Chrome.lnk
[2013/04/11 08:21:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/11 08:21:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/11 08:21:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/11 08:21:08 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 00:56:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 00:36:46 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 00:32:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/09 23:11:58 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3421510218-3125993559-1735289115-1006Core.job
[2013/04/09 22:59:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Terry\Desktop\dds.scr
[2013/04/07 15:55:51 | 000,000,548 | ---- | M] () -- C:\hpfr5550.xml
[2013/04/05 16:53:48 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\store-pp.jbs
[2013/04/05 16:52:21 | 000,503,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/05 16:52:21 | 000,087,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 16:42:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Free Sound Recorder.lnk
[2013/04/05 16:41:06 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2013/04/04 17:04:45 | 000,003,033 | ---- | M] () -- C:\Documents and Settings\Terry\.recently-used.xbel
[2013/04/04 14:54:27 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/04 12:24:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/04/02 11:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/04/02 00:15:33 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/29 18:07:14 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2013/03/26 23:30:07 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Terry\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/26 23:29:14 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Dropbox.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/05 16:53:48 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\store-pp.jbs
[2013/04/05 16:42:24 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Free Sound Recorder.lnk
[2013/04/05 16:42:03 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2013/04/05 16:41:06 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/04/04 17:04:45 | 000,003,033 | ---- | C] () -- C:\Documents and Settings\Terry\.recently-used.xbel
[2013/03/29 18:07:14 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2013/02/20 12:59:51 | 000,207,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3421510218-3125993559-1735289115-1006-0.dat
[2013/02/19 00:19:03 | 000,207,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 23:51:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/31 22:38:39 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/20 10:52:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 01:04:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\housecall.guid.cache
[2010/02/24 15:21:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\prvlcl.dat
[2010/01/01 10:47:05 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\fusioncache.dat
[2009/08/10 02:29:57 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\Terry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/11/13 02:55:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 05:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
topgreyed

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 12th, 2013, 11:57 am

And the OTL Extras file as promised:
OTL Extras logfile created on: 12/04/2013 01:01:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.84% Memory free
3.33 Gb Paging File | 2.16 Gb Available in Paging File | 64.81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 11.57 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 35.42 Gb Free Space | 49.20% Space Free | Partition Type: NTFS
Drive Q: | 71.04 Gb Total Space | 11.57 Gb Free Space | 16.28% Space Free | Partition Type: NTFS

Computer Name: TJD-NETBOOK | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Terry\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Terry\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Downloads\Software\utorrent\utorrent.exe" = C:\Downloads\Software\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks SimpleStart Free Starter Edition
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Artisteer 2" = Artisteer 2
"Audacity_is1" = Audacity 2.0
"CutePDF Writer Installation" = CutePDF Writer 2.8
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Gizmo Central" = Gizmo Central
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"Java Access Bridge 2.0.2" = Java Access Bridge 2.0.2
"Kobeman_is1" = Alleycode HTML Editor 2.2.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"M250 JDK 7 documentation" = M250 JDK 7 documentation
"M250 Microworlds" = M250 Microworlds
"M250 OU Class Library Documentation" = M250 OU Class Library Documentation
"M250 OUWorkspace" = M250 OUWorkspace
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Mp3tag" = Mp3tag v2.54
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 16.0" = RealPlayer
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.5)
"Spotify" = Spotify
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.4
"yBook_is1" = yBook

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2013 11:41:46 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\CONTINUE DOWNLOADING 7 WONDERS II.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 05/04/2013 11:41:46 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\CONTINUE DOWNLOADING 7 WONDERS II.LNK> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 05/04/2013 11:41:47 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\UNINSTALL 7 WONDERS II.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 05/04/2013 11:41:47 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\UNINSTALL 7 WONDERS II.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 05/04/2013 11:43:00 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\UNINSTALL 7 WONDERS II.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 05/04/2013 11:43:00 | Computer Name = TJD-NETBOOK | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TERRY\START MENU\PROGRAMS\FREE
RIDE GAMES\7 WONDERS II\UNINSTALL 7 WONDERS II.LNK> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 07/04/2013 10:51:13 | Computer Name = TJD-NETBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.2.223.0, P3 timeout, P4 1.1.9302.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 08/04/2013 14:23:32 | Computer Name = TJD-NETBOOK | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 26.0.1410.43, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/04/2013 19:18:29 | Computer Name = TJD-NETBOOK | Source = CltMngSvc | ID = 1000
Description =

Error - 11/04/2013 19:35:13 | Computer Name = TJD-NETBOOK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 11/04/2013 19:17:15 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/04/2013 19:17:16 | Computer Name = TJD-NETBOOK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by nunped » April 13th, 2013, 4:05 am

Hi topgreyed,

Step 1
    It looks like there are some remnants from AVG.
  • Please download this tool to your desktop.
  • Double click to run it.

Step 2 - Fix with OTL
  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:commands
[createrestorepoint]

:OTL
[2013/04/05 16:43:22 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder V1) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XEUA7A1.DEFAULT\EXTENSIONS\PLUGIN@SELECTIONLINKS.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4XEUA7A1.DEFAULT\EXTENSIONS\PRICEPEEP@GETPRICEPEEP.COM.XPI
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3421510218-3125993559-1735289115-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\AutoRun\command - "" = ReCYClER\\DrIVeR.EXe
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\eXPLOre\cOMMANd - "" = rECyCLeR\\DRIVEr.eXe
O33 - MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\Shell\OPen\coMMaNd - "" = rECYCLEr\DrIVER.ExE
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\AutoRun\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\explore\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\Shell\open\command - "" = E:\jedna/stvar.exe
O33 - MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\Shell\AutoRun\command - "" = F:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\Shell\Option1\Command - "" = F:\hbcd\wintools\autorun.exe
[2013/04/08 23:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\ILivid Removal Tool

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Step 3
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *oapps*
    *optimizer pro*
    *pricepeep*
    *smartbar*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *oapps*
    *optimizer pro*
    *pricepeep*
    *smartbar*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    oapps
    optimizer pro
    pricepeep
    smartbar
    conduit
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 4
Please tell me how your computer is behaving.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 13th, 2013, 1:31 pm

Hi nunped,

Have run scans successfully so will post logs now, then add report of how computer is behaving after a bit of experience.

Thank you so much, topgreyed

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\Plugins folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\modules folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\META-INF folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\lib folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\defaults folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\components folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\sl folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\lib folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\core folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa\404 folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\options folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\api folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb\al folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\tb folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic\uninstall\dialog\js folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic\uninstall\dialog\images folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic\uninstall\dialog\css folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic\uninstall\dialog folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic\uninstall folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content\logic folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722\content folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome\CT3282722 folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}\chrome folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc} folder moved successfully.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {B479199A-1242-4E3C-AD81-7F0DF801B4AE}
C:\WINDOWS\Downloaded Program Files\MicrosoftDownloadManager.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062322-e6c1-11de-9cff-001377d3f3ff}\ not found.
File C:\ReCYClER\\DrIVeR.EXe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062322-e6c1-11de-9cff-001377d3f3ff}\ not found.
File C:\rECyCLeR\\DRIVEr.eXe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062322-e6c1-11de-9cff-001377d3f3ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062322-e6c1-11de-9cff-001377d3f3ff}\ not found.
File C:\rECYCLEr\DrIVER.ExE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062325-e6c1-11de-9cff-001377d3f3ff}\ not found.
File E:\jedna/stvar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062325-e6c1-11de-9cff-001377d3f3ff}\ not found.
File E:\jedna/stvar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04062325-e6c1-11de-9cff-001377d3f3ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04062325-e6c1-11de-9cff-001377d3f3ff}\ not found.
File E:\jedna/stvar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21266972-bc3f-11df-9dcd-002269e68057}\ not found.
File F:\hbcd\wintools\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21266972-bc3f-11df-9dcd-002269e68057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21266972-bc3f-11df-9dcd-002269e68057}\ not found.
File F:\hbcd\wintools\autorun.exe not found.
C:\Program Files\ILivid Removal Tool\Results folder moved successfully.
C:\Program Files\ILivid Removal Tool folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 2036850 bytes
->Temporary Internet Files folder emptied: 824408 bytes

User: Terry
->Temp folder emptied: 1697031239 bytes
->Temporary Internet Files folder emptied: 797034891 bytes
->Java cache emptied: 2337761 bytes
->FireFox cache emptied: 150573834 bytes
->Google Chrome cache emptied: 309495801 bytes
->Flash cache emptied: 111746 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4328977 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295668697 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 376404716 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 609763966 bytes

Total Files Cleaned = 4,049.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04132013_173043

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 17:44 on 13/04/2013 by Terry
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe --a---- 2540944 bytes [22:36 08/04/2013] [22:37 08/04/2013] A0D474E462C3906C00033767A75CCADD

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*oapps*"
No files found.

Searching for "*optimizer pro*"
No files found.

Searching for "*pricepeep*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*conduit*"
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Images_634395857832631250.png --a---- 2103 bytes [23:14 05/04/2013] [23:14 05/04/2013] 8604205041A2A1C043B0762C9B8ACE35
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Images_634442455540301510.png --a---- 1034 bytes [23:14 05/04/2013] [23:14 05/04/2013] 32E311F268472B9C27C753C24A141292
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Images_634442455899692570.png --a---- 934 bytes [23:14 05/04/2013] [23:14 05/04/2013] 734301DF75E92204AA37C25AB1068CBA
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Images_634848883110773200.png --a---- 964 bytes [23:14 05/04/2013] [23:14 05/04/2013] 284CFFD95CF6785A883044F9C353B2A0
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Sharing_temp_634442447197265670_24PX.png --a---- 1102 bytes [23:14 05/04/2013] [23:14 05/04/2013] 39EDA4BC7720462CD4B48AF0670D8A3C
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_58_273_CT2737658_Sharing_temp_634442448781354624_24PX.png --a---- 834 bytes [23:14 05/04/2013] [23:14 05/04/2013] 5D9E6DD117321E8BFA64C0884095361E
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png --a---- 772 bytes [23:14 05/04/2013] [23:14 05/04/2013] 1805E8470C0EE167396751BA3E9B0AAA
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [23:14 05/04/2013] [23:14 05/04/2013] 01B83C91554738F6AFFB7895BBBA73FB

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04132013_173043\C_Program Files\ILivid Removal Tool d------ [16:32 13/04/2013]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*oapps*"
No folders found.

Searching for "*optimizer pro*"
No folders found.

Searching for "*pricepeep*"
No folders found.

Searching for "*smartbar*"
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar d------ [00:18 12/04/2013]

Searching for "*conduit*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "oapps"
No data found.

Searching for "optimizer pro"
No data found.

Searching for "pricepeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]
@="PricePeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\1.0]
@="PricePeep 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\1.0\0\win32]
@="C:\Program Files\PricePeep\pricepeep.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\1.0\HELPDIR]
@="C:\Program Files\PricePeep"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep]

Searching for "smartbar"
[HKEY_CURRENT_USER\Software\SmartBar]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\SmartBar]

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Conduit]

-= EOF =-
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 13th, 2013, 2:26 pm

Hi nunped,

My netbook seems to be running entirely without link redirections or random inserted links now, so it seems all must be well again.

Thanks again, topgreyed

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by nunped » April 14th, 2013, 12:18 pm

Hi topgreyed,

Nice job :) But there is still some stuff to clean:

Step 1 - OTL fix
  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:commands
[createrestorepoint]

:files
C:\Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar

:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep]
[-HKEY_CURRENT_USER\Software\SmartBar]
[-HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\SmartBar]
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Conduit]

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the [Run ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes, press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button, then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 14th, 2013, 6:00 pm

Hi nunped,

My netbook has bluescreened once last night and also has failed to hibernate several times, getting stuck on 'Preparing to hibernate' screen.

Lost OTL log on re-boot but think I've recovered the correct file below (timestamp is about right anyway). :-)

ESET file also posted below.

Cheers, topgreyed

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722 folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar\CT3282722\logs folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar\CT3282722 folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\SmartBar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\SmartBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Conduit\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 22598 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Terry
->Temp folder emptied: 838325 bytes
->Temporary Internet Files folder emptied: 43914 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9566953 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90054 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04142013_201310

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


C:\Documents and Settings\Terry\My Documents\Downloads\cnet2_RCATSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Terry\My Documents\Downloads\cnet_gdrive-279-setup_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Terry\My Documents\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Downloads\Software\FreeSoundRecorder\cbsidlm-tr1_12-Free_Sound_Recorder-ORG-10698910.exe Win32/DownloadAdmin.G application
C:\Program downloads\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\_OTL\MovedFiles\04142013_201310\C_Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe multiple threats
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm
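
Added example, not part of the original posts and not OTL's own code: a Python check that reconciles the fix script from the April 14th instructions with the fix log posted in reply, which is one way to confirm that a recovered log belongs to the script that was run. The function names are hypothetical, the parsing covers only the line shapes visible in this thread, and treating the HKEY_USERS SID key as the logged-on user's HKEY_CURRENT_USER hive is an assumption.

```python
import re

# Input copied (abridged) from the fix script and the fix log posted in this thread.
FIX_SCRIPT = r"""
:commands
[createrestorepoint]
:files
C:\Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar
:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]
[-HKEY_CURRENT_USER\Software\Conduit]
[-HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Conduit]
:commands
[emptytemp]
"""
FIX_LOG = r"""
========== FILES ==========
C:\Documents and Settings\Terry\My Documents\Downloads\ILividRemovalTool.exe moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722\toolbarImages folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\CT3282722 folder moved successfully.
C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\4xeua7a1.default\smartbar folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3421510218-3125993559-1735289115-1006\Software\Conduit\ not found.
"""

FILE_RE = re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")
REG_RE = re.compile(r"^Registry key (?P<t>.+?)\\? (?P<res>deleted successfully|not found)\.$")
HKU_RE = re.compile(r"^HKEY_USERS\\S-1-5-21-[0-9-]+\\(?P<rest>.+)$", re.I)


def norm(target):
    """Compare paths and keys case-insensitively and without a trailing backslash."""
    return target.rstrip("\\").lower()


def parse_fix_script(text):
    """Collect the :files targets and the [-key] deletions under :reg."""
    targets, section = {"files": [], "reg": []}, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            targets["files"].append(line)
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            targets["reg"].append(line[2:-1])
    return targets


def parse_fix_log(text):
    """Map each normalized target to (target as logged, outcome)."""
    seen = {}
    for line in map(str.strip, text.splitlines()):
        reg, moved = REG_RE.match(line), FILE_RE.match(line)
        if reg:
            seen[norm(reg["t"])] = (reg["t"], reg["res"].replace(" successfully", ""))
        elif moved:
            seen[norm(moved["t"])] = (moved["t"], "moved")
    return seen


def reconcile(script_text, log_text):
    """Return (target, status, note) for every script target and every extra log line."""
    script, seen = parse_fix_script(script_text), parse_fix_log(log_text)
    wanted = script["files"] + script["reg"]
    report = []
    for target in wanted:
        status, note = seen.get(norm(target), (target, "unreported"))[1], ""
        hku = HKU_RE.match(target)
        if status == "not found" and hku:
            alias = "HKEY_CURRENT_USER\\" + hku["rest"]
            if seen.get(norm(alias), ("", ""))[1] == "deleted":
                # Assumption: this SID is the logged-on user's, so the key is HKCU's.
                note = "already removed via " + alias
        report.append((target, status, note))
    wanted_norm = {norm(t) for t in wanted}
    for key, (logged, outcome) in seen.items():
        if key not in wanted_norm:
            child = any(key.startswith(w + "\\") for w in wanted_norm)
            report.append((logged, outcome, "child of a script target" if child else "not in script"))
    return report


def follow_up(report):
    """Script targets the log does not account for: unreported, or unexplained 'not found'."""
    return [t for t, status, note in report
            if status == "unreported" or (status == "not found" and not note)]


if __name__ == "__main__":
    for target, status, note in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:10} {target}" + (f"  [{note}]" if note else ""))
    print("follow up:", follow_up(reconcile(FIX_SCRIPT, FIX_LOG)) or "nothing")
```

A script target that comes back "not found" with no note, or that the log never mentions, is the case worth a second look: either the path in the script did not match what is on disk, or the log belongs to a different run.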

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by nunped » April 16th, 2013, 6:19 pm

Hi topgreyed,

Step 1 - OTL fix
  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:files
C:\Documents and Settings\Terry\My Documents\Downloads\cnet2_RCATSetup_exe.exe
C:\Documents and Settings\Terry\My Documents\Downloads\cnet_gdrive-279-setup_exe.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 3
Do you notice any changes?

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 17th, 2013, 5:07 am

Hi nunped,

Have followed the instructions. Results below.

Many thanks again for your help. No observable change in the machine this time, still have nagging problem of it hanging when I attempt to hibernate but sure I can adapt to that.

Best wishes, topgreyed

Step 1:
========== FILES ==========
C:\Documents and Settings\Terry\My Documents\Downloads\cnet2_RCATSetup_exe.exe moved successfully.
C:\Documents and Settings\Terry\My Documents\Downloads\cnet_gdrive-279-setup_exe.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04172013_005123

Step 2:
No malicious objects found. Log file attached as quote below:
00:53:25.0453 5056 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:53:26.0031 5056 ============================================================
00:53:26.0031 5056 Current date / time: 2013/04/17 00:53:26.0031
00:53:26.0031 5056 SystemInfo:
00:53:26.0031 5056
00:53:26.0031 5056 OS Version: 5.1.2600 ServicePack: 3.0
00:53:26.0031 5056 Product type: Workstation
00:53:26.0031 5056 ComputerName: TJD-NETBOOK
00:53:26.0031 5056 UserName: Terry
00:53:26.0031 5056 Windows directory: C:\WINDOWS
00:53:26.0031 5056 System windows directory: C:\WINDOWS
00:53:26.0031 5056 Processor architecture: Intel x86
00:53:26.0031 5056 Number of processors: 2
00:53:26.0031 5056 Page size: 0x1000
00:53:26.0031 5056 Boot type: Normal boot
00:53:26.0031 5056 ============================================================
00:53:30.0546 5056 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:53:30.0750 5056 ============================================================
00:53:30.0750 5056 \Device\Harddisk0\DR0:
00:53:30.0750 5056 MBR partitions:
00:53:30.0750 5056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0
00:53:30.0750 5056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800
00:53:30.0750 5056 ============================================================
00:53:30.0750 5056 C: <-> \Device\Harddisk0\DR0\Partition1
00:53:30.0796 5056 D: <-> \Device\Harddisk0\DR0\Partition2
00:53:30.0796 5056 ============================================================
00:53:30.0796 5056 Initialize success
00:53:30.0796 5056 ============================================================
00:53:40.0375 4900 ============================================================
00:53:40.0375 4900 Scan started
00:53:40.0375 4900 Mode: Manual;
00:53:40.0375 4900 ============================================================
00:53:41.0109 4900 ================ Scan system memory ========================
00:53:41.0125 4900 System memory - ok
00:53:41.0125 4900 ================ Scan services =============================
00:53:48.0312 4900 IpFilterDriver - ok
00:53:48.0312 4900 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:53:48.0328 4900 IpInIp - ok
00:53:48.0328 4900 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:53:48.0343 4900 IpNat - ok
00:53:48.0343 4900 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:53:48.0359 4900 IPSec - ok
00:53:48.0375 4900 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:53:48.0375 4900 IRENUM - ok
00:53:48.0406 4900 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:53:48.0406 4900 isapnp - ok
00:53:48.0500 4900 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
00:53:48.0500 4900 JavaQuickStarterService - ok
00:53:48.0531 4900 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:53:48.0531 4900 Kbdclass - ok
00:53:48.0562 4900 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:53:48.0578 4900 kmixer - ok
00:53:48.0593 4900 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:53:48.0609 4900 KSecDD - ok
00:53:48.0625 4900 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
00:53:48.0640 4900 LanmanServer - ok
00:53:48.0656 4900 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:53:48.0671 4900 lanmanworkstation - ok
00:53:48.0671 4900 lbrtfdc - ok
00:53:48.0734 4900 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:53:48.0734 4900 LmHosts - ok
00:53:48.0750 4900 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
00:53:48.0765 4900 LPDSVC - ok
00:53:48.0781 4900 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:53:48.0781 4900 Messenger - ok
00:53:48.0812 4900 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:53:48.0812 4900 mnmdd - ok
00:53:48.0843 4900 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:53:48.0859 4900 mnmsrvc - ok
00:53:48.0875 4900 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:53:48.0875 4900 Modem - ok
00:53:48.0906 4900 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:53:48.0906 4900 Mouclass - ok
00:53:48.0937 4900 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:53:48.0937 4900 mouhid - ok
00:53:48.0968 4900 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:53:48.0968 4900 MountMgr - ok
00:53:49.0015 4900 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:53:49.0031 4900 MpFilter - ok
00:53:49.0140 4900 [ A69630D039C38018689190234F866D77 ] MpKsl7a8e22c5 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4E4A42D-5708-433D-8CB2-5625094E1AF2}\MpKsl7a8e22c5.sys
00:53:49.0140 4900 MpKsl7a8e22c5 - ok
00:53:49.0140 4900 mraid35x - ok
00:53:49.0171 4900 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:53:49.0171 4900 MRxDAV - ok
00:53:49.0218 4900 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:53:49.0250 4900 MRxSmb - ok
00:53:49.0281 4900 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:53:49.0281 4900 MSDTC - ok
00:53:49.0312 4900 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:53:49.0312 4900 Msfs - ok
00:53:49.0328 4900 MSIServer - ok
00:53:49.0343 4900 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:53:49.0343 4900 MSKSSRV - ok
00:53:49.0390 4900 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:53:49.0390 4900 MsMpSvc - ok
00:53:49.0421 4900 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:53:49.0421 4900 MSPCLOCK - ok
00:53:49.0437 4900 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:53:49.0437 4900 MSPQM - ok
00:53:49.0468 4900 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:53:49.0468 4900 mssmbios - ok
00:53:49.0484 4900 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:53:49.0484 4900 MSTEE - ok
00:53:49.0515 4900 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:53:49.0531 4900 Mup - ok
00:53:49.0578 4900 mysql - ok
00:53:49.0593 4900 [ 88705DC61B9275B82E48904D53031F5B ] n558 C:\WINDOWS\system32\Drivers\n558.sys
00:53:49.0593 4900 n558 - ok
00:53:49.0625 4900 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:53:49.0625 4900 NABTSFEC - ok
00:53:49.0671 4900 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
00:53:49.0703 4900 napagent - ok
00:53:49.0734 4900 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:53:49.0750 4900 NDIS - ok
00:53:49.0781 4900 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:53:49.0781 4900 NdisIP - ok
00:53:49.0828 4900 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:53:49.0828 4900 NdisTapi - ok
00:53:49.0859 4900 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:53:49.0875 4900 Ndisuio - ok
00:53:49.0890 4900 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:53:49.0890 4900 NdisWan - ok
00:53:49.0953 4900 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:53:49.0953 4900 NDProxy - ok
00:53:49.0984 4900 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:53:49.0984 4900 NetBIOS - ok
00:53:50.0031 4900 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:53:50.0031 4900 NetBT - ok
00:53:50.0046 4900 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
00:53:50.0062 4900 NetDDE - ok
00:53:50.0078 4900 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:53:50.0078 4900 NetDDEdsdm - ok
00:53:50.0109 4900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:53:50.0109 4900 Netlogon - ok
00:53:50.0125 4900 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
00:53:50.0140 4900 Netman - ok
00:53:50.0171 4900 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:53:50.0171 4900 NetTcpPortSharing - ok
00:53:50.0203 4900 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
00:53:50.0203 4900 Nla - ok
00:53:50.0218 4900 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:53:50.0218 4900 Npfs - ok
00:53:50.0250 4900 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:53:50.0281 4900 Ntfs - ok
00:53:50.0296 4900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:53:50.0296 4900 NtLmSsp - ok
00:53:50.0328 4900 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:53:50.0343 4900 NtmsSvc - ok
00:53:50.0375 4900 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:53:50.0375 4900 Null - ok
00:53:50.0406 4900 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:53:50.0406 4900 NwlnkFlt - ok
00:53:50.0421 4900 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:53:50.0421 4900 NwlnkFwd - ok
00:53:50.0468 4900 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:53:50.0468 4900 ose - ok
00:53:50.0484 4900 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
00:53:50.0500 4900 Parport - ok
00:53:50.0515 4900 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:53:50.0515 4900 PartMgr - ok
00:53:50.0531 4900 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:53:50.0531 4900 ParVdm - ok
00:53:50.0578 4900 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
00:53:50.0734 4900 PassThru Service - ok
00:53:50.0781 4900 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:53:50.0781 4900 pccsmcfd - ok
00:53:50.0796 4900 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:53:50.0796 4900 PCI - ok
00:53:50.0812 4900 PCIDump - ok
00:53:50.0812 4900 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:53:50.0828 4900 PCIIde - ok
00:53:50.0843 4900 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:53:50.0843 4900 Pcmcia - ok
00:53:50.0859 4900 PDCOMP - ok
00:53:50.0875 4900 PDFRAME - ok
00:53:50.0875 4900 PDRELI - ok
00:53:50.0890 4900 PDRFRAME - ok
00:53:50.0906 4900 perc2 - ok
00:53:50.0906 4900 perc2hib - ok
00:53:50.0968 4900 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
00:53:50.0968 4900 PlugPlay - ok
00:53:51.0000 4900 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
00:53:51.0000 4900 Pml Driver HPZ12 - ok
00:53:51.0031 4900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:53:51.0031 4900 PolicyAgent - ok
00:53:51.0046 4900 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:53:51.0046 4900 PptpMiniport - ok
00:53:51.0062 4900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:53:51.0062 4900 ProtectedStorage - ok
00:53:51.0078 4900 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:53:51.0078 4900 PSched - ok
00:53:51.0093 4900 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:53:51.0093 4900 Ptilink - ok
00:53:51.0109 4900 [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:53:51.0187 4900 PxHelp20 - ok
00:53:51.0250 4900 [ 55F2EFBB3A1571BEEC705FFDDB2C84ED ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
00:53:51.0281 4900 QBCFMonitorService - ok
00:53:51.0328 4900 [ 92AA40E2B692E8637D45FB2D01137D17 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
00:53:51.0375 4900 QBFCService - ok
00:53:51.0390 4900 ql1080 - ok
00:53:51.0406 4900 Ql10wnt - ok
00:53:51.0406 4900 ql12160 - ok
00:53:51.0421 4900 ql1240 - ok
00:53:51.0437 4900 ql1280 - ok
00:53:51.0453 4900 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:53:51.0453 4900 RasAcd - ok
00:53:51.0484 4900 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:53:51.0484 4900 RasAuto - ok
00:53:51.0515 4900 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:53:51.0515 4900 Rasl2tp - ok
00:53:51.0531 4900 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:53:51.0546 4900 RasMan - ok
00:53:51.0562 4900 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:53:51.0562 4900 RasPppoe - ok
00:53:51.0578 4900 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:53:51.0578 4900 Raspti - ok
00:53:51.0609 4900 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:53:51.0625 4900 Rdbss - ok
00:53:51.0656 4900 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:53:51.0656 4900 RDPCDD - ok
00:53:51.0703 4900 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:53:51.0703 4900 RDPWD - ok
00:53:51.0750 4900 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:53:51.0765 4900 RDSessMgr - ok
00:53:51.0812 4900 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
00:53:51.0812 4900 RealNetworks Downloader Resolver Service - ok
00:53:51.0859 4900 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:53:51.0859 4900 RemoteAccess - ok
00:53:51.0890 4900 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
00:53:51.0890 4900 RFCOMM - ok
00:53:51.0921 4900 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
00:53:51.0937 4900 ROOTMODEM - ok
00:53:51.0968 4900 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
00:53:51.0968 4900 RpcLocator - ok
00:53:52.0000 4900 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
00:53:52.0015 4900 RpcSs - ok
00:53:52.0015 4900 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:53:52.0031 4900 RSVP - ok
00:53:52.0046 4900 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
00:53:52.0062 4900 SamSs - ok
00:53:52.0109 4900 [ 57EF0A92BADA411C563384C08A4A25CD ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
00:53:52.0468 4900 SandBox - ok
00:53:52.0484 4900 SASDIFSV - ok
00:53:52.0484 4900 SASKUTIL - ok
00:53:52.0546 4900 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:53:52.0546 4900 SCardSvr - ok
00:53:52.0578 4900 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:53:52.0593 4900 Schedule - ok
00:53:52.0625 4900 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:53:52.0625 4900 Secdrv - ok
00:53:52.0640 4900 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:53:52.0656 4900 seclogon - ok
00:53:52.0687 4900 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
00:53:52.0687 4900 SENS - ok
00:53:52.0718 4900 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
00:53:52.0718 4900 Serial - ok
00:53:52.0781 4900 [ 58D5BFDF3ADF49FE9CABD78CC61D92F6 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:53:53.0125 4900 ServiceLayer - ok
00:53:53.0187 4900 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:53:53.0203 4900 Sfloppy - ok
00:53:53.0234 4900 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:53:53.0250 4900 SharedAccess - ok
00:53:53.0265 4900 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:53:53.0281 4900 ShellHWDetection - ok
00:53:53.0281 4900 Simbad - ok
00:53:53.0703 4900 [ E42D201B0B53A94BD8E5B032EC83D843 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:53:54.0125 4900 Skype C2C Service - ok
00:53:54.0203 4900 [ C84A3DCE4D9D70A4D8FBFA4B7DD6FF0B ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
00:53:54.0218 4900 SkypeUpdate - ok
00:53:54.0250 4900 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:53:54.0250 4900 SLIP - ok
00:53:54.0312 4900 [ A44FAD36D97FB5FF5B57CCEB581EB29F ] SNM WLAN Service C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
00:53:54.0406 4900 SNM WLAN Service - ok
00:53:54.0750 4900 [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
00:53:55.0046 4900 SNPSTD3 - ok
00:53:55.0062 4900 Sparrow - ok
00:53:55.0078 4900 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:53:55.0078 4900 splitter - ok
00:53:55.0109 4900 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:53:55.0125 4900 Spooler - ok
00:53:55.0140 4900 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:53:55.0156 4900 sr - ok
00:53:55.0171 4900 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
00:53:55.0187 4900 srservice - ok
00:53:55.0250 4900 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:53:55.0250 4900 Srv - ok
00:53:55.0281 4900 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:53:55.0281 4900 SSDPSRV - ok
00:53:55.0312 4900 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:53:55.0312 4900 stisvc - ok
00:53:55.0343 4900 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:53:55.0343 4900 streamip - ok
00:53:55.0375 4900 [ C0137B5947AE3D3FC1C17BA6FDFB3DAD ] SUEPD C:\WINDOWS\system32\DRIVERS\SUE_PD.sys
00:53:55.0437 4900 SUEPD - ok
00:53:55.0453 4900 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:53:55.0468 4900 swenum - ok
00:53:55.0484 4900 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:53:55.0484 4900 swmidi - ok
00:53:55.0500 4900 SwPrv - ok
00:53:55.0515 4900 symc810 - ok
00:53:55.0515 4900 symc8xx - ok
00:53:55.0531 4900 sym_hi - ok
00:53:55.0546 4900 sym_u3 - ok
00:53:55.0578 4900 [ EA447F6DB6115E8A32352F9FAFFA824D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:53:55.0593 4900 SynTP - ok
00:53:55.0609 4900 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:53:55.0609 4900 sysaudio - ok
00:53:55.0640 4900 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:53:55.0656 4900 SysmonLog - ok
00:53:55.0687 4900 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:53:55.0734 4900 TapiSrv - ok
00:53:55.0781 4900 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:53:55.0796 4900 Tcpip - ok
00:53:55.0828 4900 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:53:55.0828 4900 TDPIPE - ok
00:53:55.0859 4900 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:53:55.0859 4900 TDTCP - ok
00:53:55.0875 4900 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:53:55.0875 4900 TermDD - ok
00:53:55.0890 4900 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
00:53:55.0921 4900 TermService - ok
00:53:55.0953 4900 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
00:53:55.0953 4900 Themes - ok
00:53:55.0968 4900 TosIde - ok
00:53:56.0015 4900 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:53:56.0015 4900 TrkWks - ok
00:53:56.0046 4900 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:53:56.0062 4900 Udfs - ok
00:53:56.0078 4900 ultra - ok
00:53:56.0109 4900 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
00:53:56.0125 4900 Update - ok
00:53:56.0156 4900 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:53:56.0156 4900 upnphost - ok
00:53:56.0187 4900 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
00:53:56.0187 4900 UPS - ok
00:53:56.0218 4900 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
00:53:56.0218 4900 usbaudio - ok
00:53:56.0250 4900 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:53:56.0250 4900 usbccgp - ok
00:53:56.0265 4900 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:53:56.0265 4900 usbehci - ok
00:53:56.0296 4900 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:53:56.0296 4900 usbhub - ok
00:53:56.0312 4900 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:53:56.0312 4900 usbprint - ok
00:53:56.0343 4900 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:53:56.0343 4900 usbscan - ok
00:53:56.0359 4900 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:53:56.0375 4900 usbstor - ok
00:53:56.0390 4900 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:53:56.0390 4900 usbuhci - ok
00:53:56.0421 4900 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
00:53:56.0421 4900 usbvideo - ok
00:53:56.0437 4900 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:53:56.0437 4900 VgaSave - ok
00:53:56.0453 4900 ViaIde - ok
00:53:56.0484 4900 [ 4F101E48D060E318752FBC458A4B49F0 ] VMC326 C:\WINDOWS\system32\Drivers\VMC326.sys
00:53:56.0500 4900 VMC326 - ok
00:53:56.0515 4900 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:53:56.0531 4900 VolSnap - ok
00:53:56.0562 4900 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
00:53:56.0593 4900 VSS - ok
00:53:56.0625 4900 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
00:53:56.0640 4900 W32Time - ok
00:53:56.0671 4900 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:53:56.0671 4900 Wanarp - ok
00:53:56.0718 4900 [ 4769596D7CC0F5FA447D2BABC239672A ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
00:53:56.0734 4900 Wdf01000 - ok
00:53:56.0750 4900 WDICA - ok
00:53:56.0796 4900 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:53:56.0796 4900 wdmaud - ok
00:53:56.0843 4900 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:53:56.0859 4900 WebClient - ok
00:53:56.0921 4900 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:53:56.0937 4900 winmgmt - ok
00:53:56.0984 4900 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
00:53:56.0984 4900 WmdmPmSN - ok
00:53:57.0031 4900 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:53:57.0031 4900 WmiApSrv - ok
00:53:57.0109 4900 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
00:53:57.0140 4900 WMPNetworkSvc - ok
00:53:57.0218 4900 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:53:57.0250 4900 WPFFontCache_v0400 - ok
00:53:57.0296 4900 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:53:57.0296 4900 wscsvc - ok
00:53:57.0312 4900 WSearch - ok
00:53:57.0328 4900 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:53:57.0328 4900 WSTCODEC - ok
00:53:57.0375 4900 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:53:57.0390 4900 wuauserv - ok
00:53:57.0421 4900 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:53:57.0421 4900 WudfPf - ok
00:53:57.0453 4900 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:53:57.0453 4900 WudfRd - ok
00:53:57.0468 4900 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:53:57.0484 4900 WudfSvc - ok
00:53:57.0531 4900 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:53:57.0546 4900 WZCSVC - ok
00:53:57.0578 4900 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:53:57.0593 4900 xmlprov - ok
00:53:57.0625 4900 [ 849494D3F85A45231744CA7470246C71 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
00:53:57.0625 4900 yukonwxp - ok
00:53:57.0656 4900 ================ Scan global ===============================
00:53:57.0687 4900 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:53:57.0718 4900 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
00:53:57.0750 4900 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
00:53:57.0781 4900 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:53:57.0796 4900 [Global] - ok
00:53:57.0796 4900 ================ Scan MBR ==================================
00:53:57.0828 4900 [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
00:53:58.0281 4900 \Device\Harddisk0\DR0 - ok
00:53:58.0281 4900 ================ Scan VBR ==================================
00:53:58.0281 4900 [ 0F8211723E17CE41A5BEA52BC06C7D10 ] \Device\Harddisk0\DR0\Partition1
00:53:58.0281 4900 \Device\Harddisk0\DR0\Partition1 - ok
00:53:58.0312 4900 [ 60FD545374E4B5639A77CBAF264CC76B ] \Device\Harddisk0\DR0\Partition2
00:53:58.0312 4900 \Device\Harddisk0\DR0\Partition2 - ok
00:53:58.0312 4900 ============================================================
00:53:58.0312 4900 Scan finished
00:53:58.0312 4900 ============================================================
00:53:58.0343 0724 Detected object count: 0
00:53:58.0343 0724 Actual detected object count: 0
00:54:27.0031 5892 Deinitialize success
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by nunped » April 17th, 2013, 5:31 pm

Hi topgreyed,

Good job! Your computer appears to be free from malware. The issues you are having don't seem to be related to malware...

Now, some clean-up steps:

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL. Save it to your Desktop.
  1. Double-click on OTL.exe to run it.
    Vista-W7 users: Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Create a new System Restore Point (SRP)
Now that you're clean, it's the best time to create a clean System Restore Point, and delete the previous, infected ones.
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point and press Next.
  3. Type a name for the new SRP like All Clean then press Create.
  4. When finished press Close.
Remove old SRP entries
  1. Go to Start > Run, type in: cleanmgr and press OK.
    Wait until Disk Cleanup finishes calculating.
  2. Then select the More Options tab.
  3. In the System Restore section, press Clean up.
  4. Reply Yes to the prompt.
    All existing restore points will be deleted, except the new one you just created.

Don't forget to re-enable your security programs!

You should also update Firefox.
  • In the Firefox browser click Help > Check for updates to install the latest version.

Update your Antivirus programs and other programs regularly. This is one good way to avoid new threats. The following websites can be used to check if you need any update.
Secunia Personal Software Inspector
F-secure Health Check
FileHippo.com Update Checker - © Copyright FileHippo.com

Some free programs that can improve your computer security:
Malwarebytes Anti-malware
This is a great anti-malware application that can remove a good percentage of infections. You should run a scan with it at least once a week, after you download the latest updates.
You can find information and Download it from HERE

SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: adnxs.com redirection on links, iLivid(?) hijack

Post by topgreyed » April 17th, 2013, 7:00 pm

Thank you so much nunped - what a star!

All sorted now! Keep up the great work...

All the best,

topgreyed
topgreyed
Active Member
 
Posts: 10
Joined: April 9th, 2013, 6:05 pm