Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware repeatedly changing my proxy server

Re: Malware repeatedly changing my proxy server

by mal-an » September 18th, 2013, 1:16 pm

I did download the MiniToolBox from the link you provided, but I think that because I stupidly trolled around for resources before contacting you that I may have gotten a bad copy -- the one I used just now.

Here is the adw log. Sweetpacks toolbar is still on FF. I will post the OTL in a minute. Thanks again.

# AdwCleaner v3.004 - Report created 18/09/2013 at 09:55:16
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alan - AL-LAPTOP
# Running from : C:\Users\Alan\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : FastFreeConverterUpdt
[#] Service Deleted : IBUpdaterService
Service Deleted : SProtection

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\SweetPacks
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Alan\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Alan\AppData\Local\Conduit
Folder Deleted : C:\Users\Alan\AppData\Local\cre
Folder Deleted : C:\Users\Alan\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Alan\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Alan\AppData\Local\Temp\CT3310511
Folder Deleted : C:\Users\Alan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alan\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\Alan\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Alan\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Alan\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Smartbar
Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\CT3310511
Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
File Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\END
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Alan\Desktop\Continue SweetIM Installation.lnk
File Deleted : C:\Users\Alan\Desktop\sweetpcfix.url
File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Deleted : C:\windows\Tasks\AmiUpdXp.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\prefs.js ]

Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3310511\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetPacks.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks \"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_services_Configuration_lastUpdate", "1379521057442");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1379521061731");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appsMetadata_lastUpdate", "1379521060654");
Line Deleted : user_pref("CT3310511.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1379521060821");
Line Deleted : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1379521057596");
Line Deleted : user_pref("CT3310511.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1379521063163");
Line Deleted : user_pref("CT3310511.serviceLayer_services_login_10.20.0.13_lastUpdate", "1379521062464");
Line Deleted : user_pref("CT3310511.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1379521061389");
Line Deleted : user_pref("CT3310511.serviceLayer_services_searchAPI_lastUpdate", "1379521057515");
Line Deleted : user_pref("CT3310511.serviceLayer_services_serviceMap_lastUpdate", "1379521056539");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarContextMenu_lastUpdate", "1379521060102");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarSettings_lastUpdate", "1379521057100");
Line Deleted : user_pref("CT3310511.serviceLayer_services_translation_lastUpdate", "1379521061836");
Line Deleted : user_pref("CT3310511.settingsINI", true);
Line Deleted : user_pref("CT3310511.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3310511.showToolbarPermission", "false");
Line Deleted : user_pref("CT3310511.smartbar.CTID", "CT3310511");
Line Deleted : user_pref("CT3310511.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
Line Deleted : user_pref("CT3310511.startPage", "true");
Line Deleted : user_pref("CT3310511.toolbarBornServerTime", "18-9-2013");
Line Deleted : user_pref("CT3310511.toolbarCurrentServerTime", "18-9-2013");
Line Deleted : user_pref("CT3310511.toolbarLoginClientTime", "Wed Sep 18 2013 09:17:42 GMT-0700 (Pacific Standard Time)");
Line Deleted : user_pref("CT3310511.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNzk1MjI5MDI3MDEsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM3OTUyMjkwMjcwNiwsLGh0dHBz[...]
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("CT3310511_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379521017874,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN38433392222677520&UM=2&UP=SP7F52C4BA-4EA6-49F5-A77C-C731680E609A");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN38433392222677520&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3310511");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN38433392222677520&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
Line Deleted : user_pref("extensions.crossrider.bic", "14131dc4cfeb87ba3390edd896ca1575");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationTime", 1379521023);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallationTime.value", "1379521023");
Line Deleted : user_pref("extensions.crossriderapp12555.bic", "14131dc4cfeb87ba3390edd896ca1575");
Line Deleted : user_pref("extensions.crossriderapp12555.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp12555.installationdate", 1379521023);
Line Deleted : user_pref("extensions.crossriderapp12555.lastcheck", 22992018);
Line Deleted : user_pref("extensions.crossriderapp12555.lastcheckitem", 22992050);
Line Deleted : user_pref("extensions.crossriderapp12555.reportInstall", true);
Line Deleted : user_pref("extensions.enabledAddons", "%7BBAEC7B80-9A31-47b2-A68B-DCAC8DF48E87%7D:0.9.2,support%40lastpass.com:2.0.20,%7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16,%7BD1FDB339-6AA1-4DB6-89A5-1DDFF[...]
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN38433392222677520&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN38433392222677520&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN38433392222677520&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "56Y73VY9/EFDEUOQIBD/LJIIZ7XMMZUNKNG8QQQQURRQN0L3WV8YPWMQVLC4ZDYYAU/7ORSXNE9WMLXX+NYXOA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN38433392222677520&UM=2&SearchSource=13");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]

-\\ Google Chrome v

[ File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [40981 octets] - [18/09/2013 09:51:51]
AdwCleaner[R1].txt - [41074 octets] - [18/09/2013 09:54:08]
AdwCleaner[S0].txt - [326 octets] - [18/09/2013 09:53:33]
AdwCleaner[S1].txt - [41205 octets] - [18/09/2013 09:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [41266 octets] ##########
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 18th, 2013, 1:43 pm

OTL logfile created on: 9/18/2013 10:17:36 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 36.64% Memory free
8.05 Gb Paging File | 5.20 Gb Available in Paging File | 64.55% Paging File free
Paging file location(s): c:\pagefile.sys 1120 8100j:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.92 Gb Total Space | 2.48 Gb Free Space | 4.36% Space Free | Partition Type: NTFS
Drive D: | 69.85 Gb Total Space | 0.57 Gb Free Space | 0.82% Space Free | Partition Type: NTFS
Drive G: | 14.93 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32
Drive I: | 3.37 Gb Total Space | 0.63 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive J: | 82.54 Gb Total Space | 1.34 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive K: | 53.75 Gb Total Space | 0.55 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive L: | 16.60 Gb Total Space | 1.25 Gb Free Space | 7.55% Space Free | Partition Type: FAT32

Computer Name: AL-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/09/11 03:37:20 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/10 09:11:48 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/08 13:36:25 | 004,640,768 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/09/08 13:36:24 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/07 19:39:18 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/23 16:40:56 | 007,331,840 | ---- | M] (Google Inc.) -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/07 19:47:58 | 003,372,720 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2012/02/29 17:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 17:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 18:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/09/27 16:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/08 04:04:50 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/09/06 01:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 01:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 21:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 00:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/24 01:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/09/19 20:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/08/27 11:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/18 09:59:02 | 000,128,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_elementtree.pyd
MOD - [2013/09/18 09:59:02 | 000,098,816 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32api.pyd
MOD - [2013/09/18 09:59:02 | 000,044,032 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_socket.pyd
MOD - [2013/09/18 09:59:01 | 000,805,888 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
MOD - [2013/09/18 09:59:01 | 000,557,056 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
MOD - [2013/09/18 09:59:01 | 000,320,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
MOD - [2013/09/18 09:59:01 | 000,070,656 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._html2.pyd
MOD - [2013/09/18 09:59:01 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd
MOD - [2013/09/18 09:59:01 | 000,022,528 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32ts.pyd
MOD - [2013/09/18 09:59:01 | 000,011,264 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32crypt.pyd
MOD - [2013/09/18 09:59:00 | 000,504,832 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd
MOD - [2013/09/18 09:59:00 | 000,364,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\pythoncom27.dll
MOD - [2013/09/18 09:59:00 | 000,087,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ctypes.pyd
MOD - [2013/09/18 09:59:00 | 000,017,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32profile.pyd
MOD - [2013/09/18 09:58:59 | 001,175,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._core_.pyd
MOD - [2013/09/18 09:58:59 | 001,153,024 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ssl.pyd
MOD - [2013/09/18 09:58:59 | 000,735,232 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
MOD - [2013/09/18 09:58:59 | 000,110,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\PyWinTypes27.dll
MOD - [2013/09/18 09:58:59 | 000,108,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32security.pyd
MOD - [2013/09/18 09:58:58 | 000,811,008 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
MOD - [2013/09/18 09:58:58 | 000,711,680 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\_hashlib.pyd
MOD - [2013/09/18 09:58:58 | 000,035,840 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32process.pyd
MOD - [2013/09/18 09:58:58 | 000,025,600 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32pdh.pyd
MOD - [2013/09/18 09:58:57 | 000,122,368 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
MOD - [2013/09/18 09:58:57 | 000,119,808 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32file.pyd
MOD - [2013/09/18 09:58:57 | 000,038,912 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32inet.pyd
MOD - [2013/09/18 09:58:55 | 001,062,400 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
MOD - [2013/09/18 09:58:55 | 000,127,488 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\pyexpat.pyd
MOD - [2013/09/18 09:58:55 | 000,018,432 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32event.pyd
MOD - [2013/09/18 09:58:54 | 000,686,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\unicodedata.pyd
MOD - [2013/09/18 09:58:54 | 000,010,240 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI36762\select.pyd
MOD - [2013/09/11 03:37:19 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/10 09:11:40 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/08 13:36:25 | 024,985,600 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/09/02 13:35:56 | 000,410,576 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 13:35:55 | 013,599,184 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 13:35:54 | 004,053,456 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 13:35:04 | 000,709,584 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 13:35:03 | 000,099,792 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 13:35:01 | 001,604,560 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
MOD - [2013/06/15 21:23:54 | 000,105,501 | ---- | M] () -- C:\Program Files (x86)\privoxy\cyggcc_s-1.dll
MOD - [2013/05/09 14:21:56 | 000,074,269 | ---- | M] () -- C:\Program Files (x86)\privoxy\cygz.dll
MOD - [2013/04/23 16:29:56 | 000,231,936 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/04/23 16:29:46 | 000,344,064 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/04/23 16:29:28 | 000,253,440 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/04/23 16:28:22 | 000,117,248 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/02/27 12:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/02/27 12:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/02/27 12:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/02/27 12:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/02/27 12:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/02/18 10:35:14 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2013/01/29 19:45:00 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/01/09 07:45:10 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:21:49 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:21:40 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:21:37 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:21:28 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/11/06 19:44:52 | 000,059,056 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\zlib.dll
MOD - [2012/11/05 20:40:08 | 000,262,144 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\ckcore.dll
MOD - [2012/11/05 20:40:08 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\BugReport.dll
MOD - [2011/02/16 09:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 07:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006/08/11 20:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/10 15:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/14 15:24:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/13 06:37:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 09:11:42 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/07/15 18:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/07/01 02:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/07/09 19:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/26 14:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/12 12:01:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV:64bit: - [2012/03/12 11:55:00 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis)
DRV:64bit: - [2012/03/12 11:54:00 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem)
DRV:64bit: - [2012/03/12 11:54:00 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag)
DRV:64bit: - [2012/03/12 11:54:00 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetgps64.sys -- (vzandnetgps)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 01:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/17 11:05:46 | 000,382,848 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/10/17 11:03:20 | 000,060,416 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/09/08 04:04:52 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 11:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 13:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/17 00:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/15 18:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/07/15 18:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/07/15 18:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/07/15 18:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/07/15 18:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/07/15 18:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/07/15 18:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/07/15 18:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/07/14 15:53:30 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/14 14:48:24 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 23:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 03:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/23 00:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 20:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 22:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/28 19:00:01 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{D4F6D238-ACDF-42D7-9828-12771E9300F2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN32010726841753629&UM=2
IE - HKCU\..\SearchScopes\{FE63A0FA-FEB8-46C6-93F8-60A41E267BCD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BBAEC7B80-9A31-47b2-A68B-DCAC8DF48E87%7D:0.9.2
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BD1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: crossriderapp12555%40crossrider.com:0.88.72
FF - prefs.js..extensions.enabledAddons: %7B7e8a1050-cf67-4575-92df-dcc60e7d952d%7D:10.20.0.513
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/09 10:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/25 20:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2013/09/18 10:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions
[2013/09/18 10:02:06 | 000,000,000 | ---D | M] (SweetPacks) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
[2013/09/09 14:55:50 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}
[2013/09/18 09:11:38 | 000,000,000 | ---D | M] ("JollyWallet") -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\crossriderapp12555@crossrider.com
[2012/12/17 05:07:26 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\fdm_ffext@freedownloadmanager.org
[2013/09/18 10:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\staged
[2013/04/24 09:25:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\support@lastpass.com
[2013/09/18 09:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\crossriderapp12555@crossrider.com\chrome\content\extensionCode
[2012/03/16 19:09:03 | 000,003,196 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}.xpi
[2013/09/10 08:18:42 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/24 10:15:19 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/09/10 14:36:43 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/10 09:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/10 09:11:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/28 13:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\3.0.1_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.8_0\
CHR - Extension: Unbaby.me = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\8_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\.mustache
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: LastPass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_1\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: News Ticker Remover for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.5_0\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_1\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\crossrider
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Scratchpad = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.1_0\
CHR - Extension: Downloaders = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Grass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0\
CHR - Extension: Web Protect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbgbccgamhpifmegidngofcbelmfgbf\5.0_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Google Reader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\3.0.1_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.8_0\
CHR - Extension: Unbaby.me = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\8_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\.mustache
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: LastPass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_1\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: News Ticker Remover for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.5_0\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_1\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\crossrider
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Scratchpad = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.1_0\
CHR - Extension: Downloaders = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Grass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0\
CHR - Extension: Web Protect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbgbccgamhpifmegidngofcbelmfgbf\5.0_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Google Reader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\

O1 HOSTS File: ([2013/09/10 14:47:35 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Alan\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8:64bit: - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E}: DhcpNameServer = 50.201.157.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9}: DhcpNameServer = 64.13.115.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2}: DhcpNameServer = 10.33.16.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/01/24 00:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/18 09:51:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/18 09:19:59 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NexGen Media Player
[2013/09/18 09:19:43 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\NexGenMediaPlayer
[2013/09/18 09:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NexGen Media Player
[2013/09/18 09:13:02 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
[2013/09/18 09:12:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\WordOv
[2013/09/18 09:11:59 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\JollyWallet
[2013/09/18 09:11:42 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Updater12555
[2013/09/18 09:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JollyWallet
[2013/09/18 09:04:56 | 000,155,680 | ---- | C] (Ámònetíze ltd.) -- C:\Users\Alan\Desktop\MiniToolBox__2594_il8253480.exe
[2013/09/18 07:53:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\%LOCALAPPDATA%
[2013/09/18 07:53:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/17 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Skype
[2013/09/17 05:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:57:02 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/09/17 04:48:40 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/14 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\europe_photos_dannys_computer
[2013/09/14 11:39:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/11 09:21:22 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/09/11 09:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/11 09:09:26 | 009,879,648 | ---- | C] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:54 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2013/09/10 14:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 14:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/10 14:52:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/10 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/10 14:33:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\RK_Quarantine
[2013/09/10 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/10 09:09:22 | 000,000,000 | R--D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/09/09 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/09/09 14:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/09/09 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\LG Esteem
[2013/09/08 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Spotify
[2013/09/08 13:34:55 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Spotify
[2013/09/07 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/09/07 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/09/18 10:27:05 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/18 10:09:24 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 10:09:24 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 09:57:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/18 09:57:33 | 3736,985,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/18 09:50:12 | 001,039,554 | ---- | M] () -- C:\Users\Alan\Desktop\adwcleaner.exe
[2013/09/18 09:37:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/18 09:24:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
[2013/09/18 09:19:59 | 000,001,066 | ---- | M] () -- C:\Users\Alan\Desktop\NexGen Media Player.lnk
[2013/09/18 09:13:56 | 000,000,620 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/09/18 09:05:41 | 000,155,680 | ---- | M] (Ámònetíze ltd.) -- C:\Users\Alan\Desktop\MiniToolBox__2594_il8253480.exe
[2013/09/18 07:59:21 | 000,000,204 | ---- | M] () -- C:\windows\SysWow64\secustat.dat
[2013/09/17 18:24:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
[2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:48:53 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/14 15:02:38 | 000,002,688 | ---- | M] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/14 11:40:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/13 10:42:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/13 10:42:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/13 10:42:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/12 11:33:19 | 000,000,056 | ---- | M] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | M] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:48:33 | 000,281,382 | ---- | M] () -- C:\MGlogs.zip
[2013/09/11 09:20:46 | 001,990,472 | ---- | M] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/11 09:09:46 | 009,879,648 | ---- | M] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:57 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/10 06:07:18 | 000,312,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/09 18:01:08 | 000,572,808 | ---- | M] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/09 10:42:50 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/09/08 13:36:26 | 000,001,801 | ---- | M] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 01:42:27 | 000,002,360 | ---- | M] () -- C:\Users\Alan\Desktop\Google Chrome.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:56:05 | 000,000,370 | ---- | M] () -- C:\windows\tasks\ReclaimerResumeInstall_Alan.job
[2013/09/07 19:53:07 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/09/18 09:49:44 | 001,039,554 | ---- | C] () -- C:\Users\Alan\Desktop\adwcleaner.exe
[2013/09/18 09:19:59 | 000,001,066 | ---- | C] () -- C:\Users\Alan\Desktop\NexGen Media Player.lnk
[2013/09/18 09:13:53 | 000,000,620 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/09/14 15:02:38 | 000,002,688 | ---- | C] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/12 11:33:19 | 000,000,056 | ---- | C] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | C] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:39:23 | 000,281,382 | ---- | C] () -- C:\MGlogs.zip
[2013/09/11 09:20:44 | 001,990,472 | ---- | C] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 17:58:00 | 000,572,808 | ---- | C] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/08 13:36:26 | 000,001,801 | ---- | C] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 13:36:26 | 000,001,787 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:52:47 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:50:02 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:50:01 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/09/07 19:49:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/01/29 21:18:29 | 000,000,045 | ---- | C] () -- C:\windows\WF-3540.ini
[2012/12/24 18:36:08 | 000,000,204 | ---- | C] () -- C:\windows\SysWow64\secustat.dat
[2012/12/24 07:22:32 | 000,000,025 | ---- | C] () -- C:\windows\emcore.INI
[2012/09/30 14:49:40 | 000,000,258 | RHS- | C] () -- C:\Users\Alan\ntuser.pol
[2012/08/16 18:35:55 | 000,000,238 | ---- | C] () -- C:\windows\SysWow64\initparams.ini
[2012/03/03 09:29:00 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave_back.xml
[2012/01/23 22:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 06:07:38 | 000,039,880 | ---- | C] () -- C:\windows\SysWow64\dischandler.exe
[2012/01/12 19:56:59 | 000,015,850 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2012/01/09 13:00:48 | 004,346,880 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2012/01/08 14:49:20 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave.xml
[2012/01/08 14:49:10 | 000,001,238 | ---- | C] () -- C:\Users\Alan\.Setting.ini
[2012/01/07 15:22:00 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
[2012/01/07 15:21:50 | 006,366,094 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 15:21:50 | 001,007,151 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-53.dll
[2012/01/07 15:21:50 | 000,354,979 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
[2012/01/07 15:21:50 | 000,203,306 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
[2012/01/07 15:21:50 | 000,138,727 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-2.dll
[2012/01/03 13:27:09 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\libiconv
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\grep
[2011/12/25 12:21:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/25 12:21:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Sync
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\howto
[2011/12/25 12:20:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/25 12:20:35 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\laserjet
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\filter
[2011/12/25 12:20:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/25 12:20:34 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Pad
[2011/12/20 13:00:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/20 11:50:04 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/12/20 11:49:56 | 000,099,328 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011/12/20 11:49:54 | 000,158,720 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011/12/20 11:49:54 | 000,146,944 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011/12/20 11:49:52 | 001,525,248 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011/12/20 11:49:52 | 000,212,480 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011/12/20 11:49:52 | 000,115,200 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011/12/20 11:49:50 | 000,328,704 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011/12/20 11:49:50 | 000,260,608 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011/12/20 11:49:50 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2011/09/28 18:12:06 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/28 17:32:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/28 17:18:50 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/17 08:41:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Amazon
[2012/05/08 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG
[2013/01/19 09:01:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG2013
[2013/06/01 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Azureus
[2013/09/18 07:59:21 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\BITS
[2011/12/31 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Bullzip
[2012/01/21 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\calibre
[2013/03/20 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\canon
[2013/03/20 10:58:31 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Canon_Inc_IC
[2012/01/07 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.amazon.music.uploader
[2012/01/03 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2013/09/18 09:59:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Dropbox
[2013/02/03 20:33:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Epson
[2013/05/08 05:56:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FileZilla
[2012/12/24 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashGet
[2012/12/24 07:17:46 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashGetBHO
[2012/12/24 07:18:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashgetSetup
[2012/04/04 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Flickr
[2013/09/14 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\gtk-2.0
[2012/12/24 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\JDownloaderPackages
[2013/01/29 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Leadertech
[2011/12/19 12:02:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\LibreOffice
[2012/08/27 20:26:35 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Mp3tag
[2011/12/25 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Nikon
[2012/03/03 17:17:55 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\NoteTab Light
[2013/09/17 20:44:03 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\OldSkype
[2013/02/25 23:36:41 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\ooVoo Details
[2012/01/21 18:22:03 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Pdfsvg
[2012/07/02 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PearlMountainSoft
[2012/01/12 19:56:58 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PeerNetworking
[2012/08/16 18:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Sierra Wireless
[2013/09/18 10:04:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Spotify
[2012/01/21 11:32:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Thunderbird
[2012/12/13 05:08:12 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TuneUp Software
[2011/12/19 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WildTangent
[2012/10/12 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Post by Cypher » September 19th, 2013, 5:49 am

Hi,
"Sweetpacks toolbar is still on FF"

We will take care of that soon.
We need to run the OTL fix again. As you had trouble last time, we will run it in Safe Mode this time.

First delete any version of MiniToolBox on your computer, then download a new version from Here

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Google Chrome << You can reinstall this when we are done


Next.

Reboot your computer in Safe Mode with networking.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Next.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • (Click the select all button next to the codebox to select the entire script).
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
    IE - HKCU\..\SearchScopes\{D4F6D238-ACDF-42D7-9828-12771E9300F2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN32010726841753629&UM=2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    
    :files
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_elementtree.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32api.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_socket.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._html2.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32ts.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32crypt.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\pythoncom27.dll
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ctypes.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32profile.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._core_.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ssl.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\PyWinTypes27.dll
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32security.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\_hashlib.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32process.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32pdh.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32file.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32inet.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\pyexpat.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32event.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\unicodedata.pyd
    C:\Users\Alan\AppData\Local\Temp\_MEI36762\select.pyd
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

  • Right-click MiniToolBox and select "Run as administrator" to run it.
  • Check the following in the list:
    • Reset IE proxy settings
    • Reset FireFox proxy settings.
  • Click Go.
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please post the contents of the Result.txt in your next Reply.

Next.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

    Logs/Information to Post in your Next Reply

    • OTL Fix log.
    • MiniToolBox Result.txt.
    • OTL scan log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
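
A read-only way to confirm the proxy values that the OTL script in the post above targets, as an added example that is not part of the original thread and is not code from OTL or MiniToolBox. It assumes 64-bit PowerShell on 64-bit Windows (so `Wow6432Node` is the 32-bit registry view); the `AutoConfigURL` value and the local-listener lookup are additions the thread does not mention.

```powershell
# Added example: report the WinINET proxy values reset by the OTL fix.
# Read-only: nothing is written to the registry or sent on the network.
# Assumption: run from 64-bit PowerShell, so Wow6432Node is the 32-bit view.

$locations = @(
    # "IE:64bit: - HKLM" lines in the script
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    # "IE - HKLM" lines in the script (32-bit view)
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    # "IE - HKCU" line in the script
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$valueNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# TCP ports that currently have a local listener (API available on Windows 7).
$listeningPorts = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners() |
    ForEach-Object { $_.Port } | Sort-Object -Unique

function Get-ProxyEndpoints([string]$proxyServer) {
    # Accepts "host:port" or "http=host:port;https=host:port".
    foreach ($part in ($proxyServer -split ';')) {
        if ($part -match '^(?:(?<scheme>[a-z]+)=)?(?:[a-z]+://)?(?<addr>[^:/]+):(?<port>\d+)') {
            New-Object PSObject -Property @{
                Scheme  = $Matches['scheme']
                Address = $Matches['addr']
                Port    = [int]$Matches['port']
            }
        }
    }
}

foreach ($path in $locations) {
    if (-not (Test-Path $path)) {
        Write-Output "[$path] key not present"
        continue
    }

    $props = Get-ItemProperty -Path $path
    Write-Output "[$path]"
    foreach ($name in $valueNames) {
        $value = $props.$name
        if ($null -eq $value) { $shown = '<not set>' } else { $shown = "'$value'" }
        Write-Output ("  {0,-14} = {1}" -f $name, $shown)
    }

    # A proxy that points at the local machine only works while some local
    # process is listening on that port; flag both cases for follow-up.
    if ($props.ProxyEnable -eq 1 -and $props.ProxyServer) {
        foreach ($ep in (Get-ProxyEndpoints $props.ProxyServer)) {
            if ($ep.Address -notmatch '^(127\.|localhost$)') { continue }
            if ($listeningPorts -contains $ep.Port) {
                Write-Output "  NOTE: loopback proxy on port $($ep.Port) is enabled and a local process is listening (map the port to a PID with: netstat -ano)"
            } else {
                Write-Output "  NOTE: loopback proxy on port $($ep.Port) is enabled but nothing is listening, so browsing through it will fail"
            }
        }
    }
}
```

Running it before and after the fix, and again after a reboot, shows whether `ProxyEnable` and `ProxyServer` stay cleared or are being rewritten by something still running.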

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 19th, 2013, 12:54 pm

THANKS AGAIN!

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4F6D238-ACDF-42D7-9828-12771E9300F2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4F6D238-ACDF-42D7-9828-12771E9300F2}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_elementtree.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32api.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_socket.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._html2.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_multiprocessing.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32ts.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32crypt.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\pythoncom27.dll not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ctypes.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32profile.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._core_.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_ssl.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._misc_.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\PyWinTypes27.dll not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32security.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._windows_.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\_hashlib.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32process.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32pdh.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._wizard.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32file.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32inet.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\wx._controls_.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\pyexpat.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\win32event.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\unicodedata.pyd not found.
File\Folder C:\Users\Alan\AppData\Local\Temp\_MEI36762\select.pyd not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Alan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alan
->Temp folder emptied: 302958957 bytes
->Temporary Internet Files folder emptied: 145034694 bytes
->Java cache emptied: 248584 bytes
->FireFox cache emptied: 108477602 bytes
->Google Chrome cache emptied: 275632538 bytes
->Flash cache emptied: 188600 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79571230 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 131077 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 20900674 bytes

Total Files Cleaned = 890.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09192013_091604

Files\Folders moved on Reboot...
C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL logfile created on: 9/19/2013 9:29:51 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 43.79% Memory free
8.05 Gb Paging File | 5.76 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): c:\pagefile.sys 1120 8100j:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.92 Gb Total Space | 3.34 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive D: | 69.85 Gb Total Space | 0.57 Gb Free Space | 0.82% Space Free | Partition Type: NTFS
Drive G: | 14.93 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32
Drive I: | 3.37 Gb Total Space | 0.63 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive J: | 82.54 Gb Total Space | 1.34 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive K: | 53.75 Gb Total Space | 0.55 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive L: | 16.60 Gb Total Space | 1.25 Gb Free Space | 7.55% Space Free | Partition Type: FAT32

Computer Name: AL-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/09/11 03:37:20 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/10 09:11:48 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/08 13:36:25 | 004,640,768 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/09/08 13:36:24 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/07 19:39:18 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/23 16:40:56 | 007,331,840 | ---- | M] (Google Inc.) -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/07 19:47:58 | 003,372,720 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2012/02/29 17:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 17:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 18:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/09/27 16:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/08 04:04:50 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/09/06 01:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 01:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 21:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 00:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/24 01:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/09/19 20:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/08/27 11:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 09:21:16 | 000,128,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_elementtree.pyd
MOD - [2013/09/19 09:21:16 | 000,044,032 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_socket.pyd
MOD - [2013/09/19 09:21:15 | 000,805,888 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._gdi_.pyd
MOD - [2013/09/19 09:21:15 | 000,557,056 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\pysqlite2._sqlite.pyd
MOD - [2013/09/19 09:21:15 | 000,504,832 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\windows._cacheinvalidation.pyd
MOD - [2013/09/19 09:21:15 | 000,320,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32com.shell.shell.pyd
MOD - [2013/09/19 09:21:15 | 000,098,816 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32api.pyd
MOD - [2013/09/19 09:21:15 | 000,070,656 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._html2.pyd
MOD - [2013/09/19 09:21:15 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_multiprocessing.pyd
MOD - [2013/09/19 09:21:15 | 000,022,528 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32ts.pyd
MOD - [2013/09/19 09:21:15 | 000,011,264 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32crypt.pyd
MOD - [2013/09/19 09:21:14 | 000,735,232 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._misc_.pyd
MOD - [2013/09/19 09:21:14 | 000,364,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\pythoncom27.dll
MOD - [2013/09/19 09:21:14 | 000,087,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_ctypes.pyd
MOD - [2013/09/19 09:21:14 | 000,017,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32profile.pyd
MOD - [2013/09/19 09:21:13 | 001,175,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._core_.pyd
MOD - [2013/09/19 09:21:13 | 001,153,024 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_ssl.pyd
MOD - [2013/09/19 09:21:13 | 000,110,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\PyWinTypes27.dll
MOD - [2013/09/19 09:21:13 | 000,108,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32security.pyd
MOD - [2013/09/19 09:21:13 | 000,025,600 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32pdh.pyd
MOD - [2013/09/19 09:21:12 | 000,811,008 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._windows_.pyd
MOD - [2013/09/19 09:21:12 | 000,711,680 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\_hashlib.pyd
MOD - [2013/09/19 09:21:12 | 000,122,368 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._wizard.pyd
MOD - [2013/09/19 09:21:12 | 000,035,840 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32process.pyd
MOD - [2013/09/19 09:21:11 | 000,119,808 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32file.pyd
MOD - [2013/09/19 09:21:11 | 000,038,912 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32inet.pyd
MOD - [2013/09/19 09:21:10 | 001,062,400 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\wx._controls_.pyd
MOD - [2013/09/19 09:21:09 | 000,686,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\unicodedata.pyd
MOD - [2013/09/19 09:21:09 | 000,127,488 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\pyexpat.pyd
MOD - [2013/09/19 09:21:09 | 000,018,432 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\win32event.pyd
MOD - [2013/09/19 09:21:09 | 000,010,240 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI14082\select.pyd
MOD - [2013/09/11 03:37:19 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/10 09:11:40 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/08 13:36:25 | 024,985,600 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
MOD - [2013/06/15 21:23:54 | 000,105,501 | ---- | M] () -- C:\Program Files (x86)\privoxy\cyggcc_s-1.dll
MOD - [2013/05/09 14:21:56 | 000,074,269 | ---- | M] () -- C:\Program Files (x86)\privoxy\cygz.dll
MOD - [2013/04/23 16:29:56 | 000,231,936 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/04/23 16:29:46 | 000,344,064 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/04/23 16:29:28 | 000,253,440 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/04/23 16:28:22 | 000,117,248 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/02/27 12:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/02/27 12:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/02/27 12:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/02/27 12:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/02/27 12:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/02/18 10:35:14 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2013/01/29 19:45:00 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/01/09 07:45:10 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:21:49 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:21:40 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:21:37 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:21:28 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/11/06 19:44:52 | 000,059,056 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\zlib.dll
MOD - [2012/11/05 20:40:08 | 000,262,144 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\ckcore.dll
MOD - [2012/11/05 20:40:08 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\FlashGet Network\FlashGet 3\BugReport.dll
MOD - [2011/02/16 09:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 07:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006/08/11 20:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/10 15:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/14 15:24:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/13 06:37:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 09:11:42 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/07/15 18:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/07/01 02:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/07/09 19:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/26 14:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/12 12:01:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV:64bit: - [2012/03/12 11:55:00 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis)
DRV:64bit: - [2012/03/12 11:54:00 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem)
DRV:64bit: - [2012/03/12 11:54:00 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag)
DRV:64bit: - [2012/03/12 11:54:00 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetgps64.sys -- (vzandnetgps)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 01:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/17 11:05:46 | 000,382,848 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/10/17 11:03:20 | 000,060,416 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/09/08 04:04:52 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 11:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 13:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/17 00:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/15 18:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/07/15 18:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/07/15 18:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/07/15 18:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/07/15 18:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/07/15 18:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/07/15 18:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/07/15 18:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/07/14 15:53:30 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/14 14:48:24 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 23:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 03:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/23 00:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 20:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 22:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/28 19:00:01 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {D4F6D238-ACDF-42D7-9828-12771E9300F2}
IE - HKCU\..\SearchScopes\{FE63A0FA-FEB8-46C6-93F8-60A41E267BCD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3310511&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: %7BBAEC7B80-9A31-47b2-A68B-DCAC8DF48E87%7D:0.9.2
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BD1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: crossriderapp12555%40crossrider.com:0.88.72
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/09 10:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/25 20:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2013/09/19 09:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions
[2013/09/09 14:55:50 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}
[2013/09/18 09:11:38 | 000,000,000 | ---D | M] ("JollyWallet") -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\crossriderapp12555@crossrider.com
[2012/12/17 05:07:26 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\fdm_ffext@freedownloadmanager.org
[2013/04/24 09:25:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\support@lastpass.com
[2013/09/18 09:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\crossriderapp12555@crossrider.com\chrome\content\extensionCode
[2012/03/16 19:09:03 | 000,003,196 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}.xpi
[2013/09/10 08:18:42 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/24 10:15:19 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/09/10 14:36:43 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/10 09:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/10 09:11:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/28 13:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\3.0.1_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.8_0\
CHR - Extension: Unbaby.me = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\8_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\.mustache
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: LastPass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_1\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: News Ticker Remover for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.5_0\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_1\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\crossrider
CHR - Extension: JollyWallet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.21.72_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Scratchpad = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.1_0\
CHR - Extension: Downloaders = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Grass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0\
CHR - Extension: Web Protect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbgbccgamhpifmegidngofcbelmfgbf\5.0_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Google Reader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\

O1 HOSTS File: ([2013/09/10 14:47:35 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Alan\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8:64bit: - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.100 192.168.6.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E}: DhcpNameServer = 50.201.157.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9}: DhcpNameServer = 64.13.115.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}: DhcpNameServer = 192.168.6.100 192.168.6.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2}: DhcpNameServer = 10.33.16.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/01/24 00:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 06:51:06 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Alan\Desktop\MiniToolBox.exe
[2013/09/18 09:51:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/18 09:19:59 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NexGen Media Player
[2013/09/18 09:19:43 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\NexGenMediaPlayer
[2013/09/18 09:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NexGen Media Player
[2013/09/18 09:13:02 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
[2013/09/18 09:12:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\WordOv
[2013/09/18 09:11:59 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\JollyWallet
[2013/09/18 09:11:42 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Updater12555
[2013/09/18 09:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JollyWallet
[2013/09/18 07:53:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\%LOCALAPPDATA%
[2013/09/18 07:53:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/17 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Skype
[2013/09/17 05:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:57:02 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/09/17 04:48:40 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/14 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\europe_photos_dannys_computer
[2013/09/14 11:39:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/11 09:21:22 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/09/11 09:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/11 09:09:26 | 009,879,648 | ---- | C] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:54 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2013/09/10 14:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 14:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/10 14:52:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/10 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/10 14:33:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\RK_Quarantine
[2013/09/10 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/10 09:09:22 | 000,000,000 | R--D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/09/09 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/09/09 14:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/09/09 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\LG Esteem
[2013/09/08 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Spotify
[2013/09/08 13:34:55 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Spotify
[2013/09/07 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/09/07 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/09/19 09:37:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 09:29:02 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 09:29:02 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 09:27:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 09:24:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
[2013/09/19 09:19:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/19 09:19:08 | 3736,985,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 09:04:37 | 000,000,000 | ---- | M] () -- C:\windows\EEventManager.INI
[2013/09/19 06:51:20 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Alan\Desktop\MiniToolBox.exe
[2013/09/18 21:42:57 | 000,003,309 | ---- | M] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/18 21:42:32 | 000,265,733 | ---- | M] () -- C:\Users\Alan\Documents\alan.PNG
[2013/09/18 21:40:35 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
[2013/09/18 09:50:12 | 001,039,554 | ---- | M] () -- C:\Users\Alan\Desktop\adwcleaner.exe
[2013/09/18 09:19:59 | 000,001,066 | ---- | M] () -- C:\Users\Alan\Desktop\NexGen Media Player.lnk
[2013/09/18 09:13:56 | 000,000,620 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/09/18 07:59:21 | 000,000,204 | ---- | M] () -- C:\windows\SysWow64\secustat.dat
[2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:48:53 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/14 11:40:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/13 10:42:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/13 10:42:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/13 10:42:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/12 11:33:19 | 000,000,056 | ---- | M] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | M] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:48:33 | 000,281,382 | ---- | M] () -- C:\MGlogs.zip
[2013/09/11 09:20:46 | 001,990,472 | ---- | M] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/11 09:09:46 | 009,879,648 | ---- | M] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:57 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/10 06:07:18 | 000,312,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/09 18:01:08 | 000,572,808 | ---- | M] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/09 10:42:50 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/09/08 13:36:26 | 000,001,801 | ---- | M] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 01:42:27 | 000,002,360 | ---- | M] () -- C:\Users\Alan\Desktop\Google Chrome.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:56:05 | 000,000,370 | ---- | M] () -- C:\windows\tasks\ReclaimerResumeInstall_Alan.job
[2013/09/07 19:53:07 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/09/19 09:04:37 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013/09/18 21:42:57 | 000,003,309 | ---- | C] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/18 21:41:52 | 000,265,733 | ---- | C] () -- C:\Users\Alan\Documents\alan.PNG
[2013/09/18 09:49:44 | 001,039,554 | ---- | C] () -- C:\Users\Alan\Desktop\adwcleaner.exe
[2013/09/18 09:19:59 | 000,001,066 | ---- | C] () -- C:\Users\Alan\Desktop\NexGen Media Player.lnk
[2013/09/18 09:13:53 | 000,000,620 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013/09/12 11:33:19 | 000,000,056 | ---- | C] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | C] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:39:23 | 000,281,382 | ---- | C] () -- C:\MGlogs.zip
[2013/09/11 09:20:44 | 001,990,472 | ---- | C] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 17:58:00 | 000,572,808 | ---- | C] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/08 13:36:26 | 000,001,801 | ---- | C] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 13:36:26 | 000,001,787 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:52:47 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:50:02 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:50:01 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/09/07 19:49:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/01/29 21:18:29 | 000,000,045 | ---- | C] () -- C:\windows\WF-3540.ini
[2012/12/24 18:36:08 | 000,000,204 | ---- | C] () -- C:\windows\SysWow64\secustat.dat
[2012/12/24 07:22:32 | 000,000,025 | ---- | C] () -- C:\windows\emcore.INI
[2012/09/30 14:49:40 | 000,000,258 | RHS- | C] () -- C:\Users\Alan\ntuser.pol
[2012/08/16 18:35:55 | 000,000,238 | ---- | C] () -- C:\windows\SysWow64\initparams.ini
[2012/03/03 09:29:00 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave_back.xml
[2012/01/23 22:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 06:07:38 | 000,039,880 | ---- | C] () -- C:\windows\SysWow64\dischandler.exe
[2012/01/12 19:56:59 | 000,015,850 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2012/01/09 13:00:48 | 004,346,880 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2012/01/08 14:49:20 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave.xml
[2012/01/08 14:49:10 | 000,001,238 | ---- | C] () -- C:\Users\Alan\.Setting.ini
[2012/01/07 15:22:00 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
[2012/01/07 15:21:50 | 006,366,094 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 15:21:50 | 001,007,151 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-53.dll
[2012/01/07 15:21:50 | 000,354,979 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
[2012/01/07 15:21:50 | 000,203,306 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
[2012/01/07 15:21:50 | 000,138,727 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-2.dll
[2012/01/03 13:27:09 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\libiconv
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\grep
[2011/12/25 12:21:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/25 12:21:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Sync
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\howto
[2011/12/25 12:20:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/25 12:20:35 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\laserjet
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\filter
[2011/12/25 12:20:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/25 12:20:34 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Pad
[2011/12/20 13:00:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/20 11:50:04 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/12/20 11:49:56 | 000,099,328 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011/12/20 11:49:54 | 000,158,720 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011/12/20 11:49:54 | 000,146,944 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011/12/20 11:49:52 | 001,525,248 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011/12/20 11:49:52 | 000,212,480 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011/12/20 11:49:52 | 000,115,200 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011/12/20 11:49:50 | 000,328,704 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011/12/20 11:49:50 | 000,260,608 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011/12/20 11:49:50 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2011/09/28 18:12:06 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/28 17:32:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/28 17:18:50 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/17 08:41:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Amazon
[2012/05/08 14:45:52 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG
[2013/01/19 09:01:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AVG2013
[2013/06/01 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Azureus
[2013/09/18 07:59:21 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\BITS
[2011/12/31 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Bullzip
[2012/01/21 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\calibre
[2013/03/20 10:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\canon
[2013/03/20 10:58:31 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Canon_Inc_IC
[2012/01/07 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.amazon.music.uploader
[2012/01/03 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2013/09/19 09:21:44 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Dropbox
[2013/02/03 20:33:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Epson
[2013/05/08 05:56:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FileZilla
[2012/12/24 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashGet
[2012/12/24 07:17:46 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashGetBHO
[2012/12/24 07:18:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\FlashgetSetup
[2012/04/04 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Flickr
[2013/09/14 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\gtk-2.0
[2012/12/24 08:32:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\JDownloaderPackages
[2013/01/29 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Leadertech
[2011/12/19 12:02:11 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\LibreOffice
[2012/08/27 20:26:35 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Mp3tag
[2011/12/25 17:41:29 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Nikon
[2012/03/03 17:17:55 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\NoteTab Light
[2013/09/17 20:44:03 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\OldSkype
[2013/02/25 23:36:41 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\ooVoo Details
[2012/01/21 18:22:03 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Pdfsvg
[2012/07/02 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PearlMountainSoft
[2012/01/12 19:56:58 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PeerNetworking
[2012/08/16 18:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Sierra Wireless
[2013/09/19 09:51:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Spotify
[2012/01/21 11:32:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Thunderbird
[2012/12/13 05:08:12 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TuneUp Software
[2011/12/19 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WildTangent
[2012/10/12 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 20th, 2013, 6:05 am

Just rereading your last set of instructions and I see that I missed the Google Chrome uninstall. Should I run through your steps again? Thanks.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Post by Wingman » September 20th, 2013, 10:20 am

Hello mal-an,

My name is Wingman. Cypher is temporarily unavailable, so I'll be taking over your logs.

I'd like to make a backup of the registry before we go any further. Please see my instructions below and if you have any questions, please ask before performing instructions you are unsure about.


Step 1.
Registry Backup (TCRB)
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..."; this may take a few moments, so just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 2.
Uninstall Google Chrome
If not already done
Please go to Control Panel > Programs and Features > select Google Chrome
Uninstall this program and if asked to keep any personalized settings or folders, say NO... we want all Google Chrome associated values removed.
Carefully read the uninstall screens... as some are worded to keep you from removing the product.
Please reboot your computer normally, after the uninstall is complete, if not done as part of the uninstall process.


Step 3.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out (or at least read) How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do NOT use your keyboard or click your mouse anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer; allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. TCRB Registry backup created successfully?
  3. Google Chrome uninstalled?
  4. ComboFix.txt file contents.
  5. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 20th, 2013, 6:47 pm

1. No, except I cannot seem to turn Windows Firewall back on.
2. Yes
3. Yes
4. See below
5. OK so far

Thank you Wingman!

ComboFix 13-09-19.01 - Alan 09/20/2013 15:18:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1815 [GMT -7:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alan\AppData\Local\Temp\_MEI30002\_ctypes.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\_elementtree.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\_hashlib.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\_multiprocessing.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\_socket.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\_ssl.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\msvcp100.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\msvcr100.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\pyexpat.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\pysqlite2._sqlite.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\python27.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\pythoncom27.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\PyWinTypes27.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\select.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\unicodedata.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32api.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32com.shell.shell.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32crypt.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32event.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32file.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32inet.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32pdh.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32process.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32profile.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32security.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\win32ts.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\windows._cacheinvalidation.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._controls_.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._core_.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._gdi_.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._html2.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._misc_.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._windows_.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wx._wizard.pyd
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxbase294u_net_vc90.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxbase294u_vc90.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxmsw294u_adv_vc90.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxmsw294u_core_vc90.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxmsw294u_html_vc90.dll
c:\users\Alan\AppData\Local\Temp\_MEI30002\wxmsw294u_webview_vc90.dll
K:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-08-20 to 2013-09-20 )))))))))))))))))))))))))))))))
.
.
2013-09-20 22:28 . 2013-09-20 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-20 21:57 . 2013-09-20 21:57 -------- d-----w- C:\RegBackup
2013-09-20 21:56 . 2013-09-20 21:56 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-09-20 04:37 . 2013-09-20 04:37 3723656 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-18 16:51 . 2013-09-18 16:56 -------- d-----w- C:\AdwCleaner
2013-09-18 16:19 . 2013-09-18 17:07 -------- d-----w- c:\users\Alan\AppData\Local\NexGenMediaPlayer
2013-09-18 16:19 . 2013-09-18 16:20 -------- d-----w- c:\program files (x86)\NexGen Media Player
2013-09-18 16:12 . 2013-09-18 16:13 -------- d-----w- c:\users\Alan\AppData\Local\WordOv
2013-09-18 16:11 . 2013-09-18 16:11 -------- d-----w- c:\users\Alan\AppData\Local\JollyWallet
2013-09-18 16:11 . 2013-09-18 16:11 -------- d-----w- c:\users\Alan\AppData\Local\Updater12555
2013-09-18 16:11 . 2013-09-18 16:11 -------- d-----w- c:\program files (x86)\JollyWallet
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- C:\_OTL
2013-09-18 09:48 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5C3EF1-987C-49EA-800E-293BD5F30E9E}\mpengine.dll
2013-09-18 03:45 . 2013-09-20 22:04 -------- d-----w- c:\users\Alan\AppData\Roaming\Skype
2013-09-17 11:57 . 2013-09-17 11:57 -------- d-----w- c:\windows\ERUNT
2013-09-11 16:21 . 2013-09-12 13:57 -------- d-----w- C:\MGtools
2013-09-11 16:10 . 2013-09-11 16:20 -------- d-----w- c:\programdata\HitmanPro
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\programdata\Malwarebytes
2013-09-10 21:52 . 2013-09-10 21:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-10 21:52 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-09 21:56 . 2013-09-09 21:56 -------- d-----w- c:\program files (x86)\privoxy
2013-09-09 21:55 . 2013-09-11 04:52 -------- d-----w- c:\program files (x86)\Web Protect
2013-09-08 20:36 . 2013-09-18 07:00 -------- d-----w- c:\users\Alan\AppData\Local\Spotify
2013-09-08 20:34 . 2013-09-20 22:33 -------- d-----w- c:\users\Alan\AppData\Roaming\Spotify
2013-09-08 04:02 . 2013-09-08 04:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 04:37 . 2012-04-15 23:43 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 04:37 . 2012-01-03 04:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 18:48 . 2013-09-11 18:39 281382 ----a-w- C:\MGlogs.zip
2013-08-30 07:48 . 2013-05-22 04:13 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-22 04:13 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-05-22 04:13 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-05-22 04:13 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-22 04:13 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-05-22 04:13 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-22 04:13 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-05-22 04:13 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-22 04:10 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-22 04:13 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 11:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-04 07:11 . 2011-06-11 09:15 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-04 07:11 . 2011-06-11 09:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"Facebook Update"="c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-13 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Spotify"="c:\users\Alan\AppData\Roaming\Spotify\Spotify.exe" [2013-09-08 4640768]
"Spotify Web Helper"="c:\users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-09-08 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-03-01 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-03-01 863360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-3-20 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgvzandnetadb.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetgps;LGE AndroidNet for VZW USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgvzandnetgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetgps64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 04:37]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-13 01:19]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
- c:\users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-13 01:19]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 08:51]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 08:51]
.
2013-09-08 c:\windows\Tasks\ReclaimerResumeInstall_Alan.job
- c:\users\Alan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-08 02:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT33105 ... hSource=13
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-09 14:55; {D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}; c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}
FF - ExtSQL: 2013-09-18 09:11; crossriderapp12555@crossrider.com; c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\crossriderapp12555@crossrider.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-823EADEA75B0A1548DF70B57581868B7B9A1F293._service_run - c:\users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-IECT3310511 - c:\programdata\Conduit\IE\CT3310511\UninstallerUI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\05\0a\029\0e?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\privoxy\privoxy.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2013-09-20 15:42:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-20 22:42
.
Pre-Run: 3,787,759,616 bytes free
Post-Run: 3,600,113,664 bytes free
.
- - End Of File - - 1CD28BD48DC42242AEF9106707E575CC
2E5DEBB2116B3417023E0D6562D7ED07
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Post by Wingman » September 21st, 2013, 9:31 am

Hello mal-an,

Thanks for the logs.
When you say "OK so far" regarding the computer behavior, what do you mean? Is your proxy server setting as it should be? Is Sweetpacks still on FF?

As a safety measure I generally ask for a registry backup as the first step in my set of instructions. This allows us a return starting point, should we need it.
I'd like to see what other unwanted toolbar or search items may be on your computer, including Sweetpacks.

Step 1.
Registry Backup (TCRB)
You should still have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 2.
SystemLook
Please download SystemLook_x64.exe ... by jpshortstuff and save it to your Desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code:
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *fantastigames*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *kelkoopartners*
    *Searchnu*
    *Searchnu*
    *Sweetie*
    *Sweetim*
    *SweetPacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *fantastigames*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *kelkoopartners*
    *Searchnu*
    *Searchqu*
    *Sweetie*
    *Sweetim*
    *SweetPacks*
    *Tarma*
    *trolltech*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    fantastigames
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    kelkoopartners
    Searchnu
    Searchqu
    Sweetie
    Sweetim
    SweetPacks
    Tarma
    trolltech
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.


Step 3.
If you are still having trouble with turning your Windows Firewall ON... please try this Microsoft Fix:
Microsoft Fix it 9810866
  1. You'll see MicrosoftFixit 50884.msi as the file to be run or saved. Please save this file to your desktop.
  2. Close all open programs including your browser(s).
  3. Double click the Microsoft Fixit icon to start the process.
  4. Follow installer instructions.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. TCRB Registry backup created successfully?
  3. Systemlook.txt file contents.
  4. Firewall Fix executed? Firewall turned ON?
  5. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
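
When the SystemLook.txt requested in Step 2 comes back, the first pass is to separate hits that are only AdwCleaner quarantine copies from files still live on disk, since only the latter need a decision. The sketch below is an added example, not part of the thread or of SystemLook itself; the report text and hashes are constructed, and mapping `C:\AdwCleaner\Quarantine\C\...\name.vir` back to `C:\...\name` is an assumption based on how quarantine paths appear in this thread's logs.

```python
import re

# Constructed sample in SystemLook's filefind layout (paths and MD5s are placeholders).
SAMPLE_REPORT = r'''
========== filefind ==========

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Example\ConduitSample.js.vir --a---- 1024 bytes [16:17 18/09/2013] [16:17 18/09/2013] 00000000000000000000000000000000
C:\Program Files (x86)\Example Vendor\SyncConduit.dll --a---- 2048 bytes [03:32 10/08/2012] [03:32 10/08/2012] 11111111111111111111111111111111

Searching for "*Iminent*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\Iminent.Sample.dll.vir --a---- 4096 bytes [19:52 10/09/2013] [19:52 10/09/2013] 22222222222222222222222222222222

Searching for "*Yontoo*"
No files found.
'''

# Assumption: AdwCleaner keeps quarantined copies under this root.
QUARANTINE_ROOT = "c:\\adwcleaner\\quarantine\\"

SECTION_RE = re.compile(r'^=+ (?P<name>\w+) =+$')
TERM_RE = re.compile(r'^Searching for "(?P<term>.+)"$')
# path, 7-char attribute mask, size, created, modified, MD5
HIT_RE = re.compile(
    r'^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_filefind(report):
    """Return {search term: [hit dicts]} for the filefind section only."""
    hits = {}
    section = term = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group("name").lower(), None
            continue
        if section != "filefind" or not line:
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group("term")
            hits[term] = []          # stays empty on "No files found."
            continue
        m = HIT_RE.match(line)
        if m and term is not None:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hits[term].append(hit)
    return hits


def original_path(path):
    """Map a quarantine copy back to its original location; None if the file is live."""
    if not path.lower().startswith(QUARANTINE_ROOT):
        return None
    rest = path[len(QUARANTINE_ROOT):]        # e.g. C\Example\file.js.vir
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(hits):
    """Split hits into already-quarantined copies and files still on disk."""
    result = {"quarantined": [], "live": []}
    for term, rows in hits.items():
        for row in rows:
            src = original_path(row["path"])
            if src is not None:
                result["quarantined"].append((term, src, row["md5"]))
            else:
                result["live"].append((term, row["path"], row["md5"]))
    return result


if __name__ == "__main__":
    report = triage(parse_filefind(SAMPLE_REPORT))
    for term, path, md5 in report["live"]:
        print(f"REVIEW  {term}  {path}  {md5}")
    print(f"{len(report['quarantined'])} hit(s) are quarantine copies only")
```

A live hit is not automatically unwanted: a wildcard such as `*Conduit*` also matches unrelated file names that merely contain the word, so each one still needs a manual look.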

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 21st, 2013, 12:35 pm

Sorry I wasn't more specific about the computer behaving. I just did the steps and wanted to post quickly so I didn't really take the time to look around. Sweetpacks toolbar seemed to be gone, but there was the Conduit search with a Sweetpacks ad on the main screen rather than the toolbar itself. My internet connection has been terribly slow and I use Skype a lot and it's dropping calls.

1. No
2. Yes -- I'd already done that one
3. See below
4. & 5. Trying now. Will post in a moment.

SystemLook 04.09.10 by jpshortstuff
Log created at 09:03 on 21/09/2013 by Alan
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\ConduitAbstractionLayerBack.js.vir --a---- 497312 bytes [16:17 18/09/2013] [16:17 18/09/2013] D7DC050206E596F2E6852D679970A0BF
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\ConduitAbstractionLayerFront.js.vir --a---- 258560 bytes [16:17 18/09/2013] [16:17 18/09/2013] 54C6BB15C77284B67F313797120B35EB
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\js\conduitEnv.js.vir --a---- 93693 bytes [16:17 18/09/2013] [16:17 18/09/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll.vir --a---- 853792 bytes [16:17 18/09/2013] [16:17 18/09/2013] 2D613BA163E7904A5D5EBA654C316A9F
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\Search\plugins\npConduitNewTabPlugin.dll.vir --a---- 62240 bytes [16:17 18/09/2013] [16:17 18/09/2013] 90B0FFB930489F0BC80809AE7C3C0AA0
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [16:17 18/09/2013] [16:17 18/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [16:17 18/09/2013] [16:17 18/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [16:17 18/09/2013] [16:17 18/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_11_331_CT3310511_Images_635119020644138398.png.vir --a---- 2307 bytes [16:20 18/09/2013] [16:20 18/09/2013] DC4CF28758D3BED9198399CE262781C9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif.vir --a---- 950 bytes [16:20 18/09/2013] [16:20 18/09/2013] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.5_0\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif.vir --a---- 322 bytes [16:20 18/09/2013] [16:20 18/09/2013] 948781E4B6478290050ECA4423B89B1E
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.36.1.1_0\scripts\minibar\adapters\conduit.js.vir --a---- 1697 bytes [16:13 18/09/2013] [22:19 05/09/2013] 9D273480CDB60C7A79E6669EA05EA1A2
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Temp\CT3310511\conduit.xml.vir --a---- 785 bytes [08:39 29/08/2013] [08:39 29/08/2013] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayer.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayerBack.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\ConduitAbstractionLayerFront.js.vir --a---- 36087 bytes [22:40 10/09/2013] [22:40 10/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\aboutBox\images\conduit-logo-OLD.png.vir --a---- 1305 bytes [22:40 10/09/2013] [22:40 10/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\aboutBox\images\conduit-logo.png.vir --a---- 3926 bytes [22:40 10/09/2013] [22:40 10/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\chrome\CT3310511\content\tb\al\options\images\conduit-logo.png.vir --a---- 3926 bytes [22:40 10/09/2013] [22:40 10/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\lib\log4conduit.jsm.vir --a---- 760 bytes [22:40 10/09/2013] [22:40 10/09/2013] 93898FE6A232C5FCD838D8168F65D802
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll.vir --a---- 207136 bytes [22:40 10/09/2013] [22:40 10/09/2013] 0E52F63E8BA97B610400840C3057FAA4
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\searchplugins\Conduit.xml.vir --a---- 997 bytes [16:15 18/09/2013] [16:15 18/09/2013] BCF3FEDFA068893EF8555D24048C3607
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [03:32 10/08/2012] [03:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

Searching for "*datamngr*"
No files found.

Searching for "*fantastigames*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.AxImp.dll.vir --a---- 193584 bytes [19:52 10/09/2013] [19:52 10/09/2013] C11D5317BD008F10150AA9BC9A9F933A
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Booster.UI.dll.vir --a---- 587312 bytes [19:52 10/09/2013] [19:52 10/09/2013] C240035A736636E8A7D367589C79F37A
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.Connect.dll.vir --a---- 39472 bytes [19:52 10/09/2013] [19:52 10/09/2013] DED4B99711F494385B232AFEC501B056
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.dll.vir --a---- 171056 bytes [19:52 10/09/2013] [19:52 10/09/2013] D78A42B3F5B8DCFCB5553CCA1020DFE4
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Business.tlb.vir --a---- 8340 bytes [16:13 18/09/2013] [16:13 18/09/2013] 8696A4DD3EA086B97621FDEC1061E6D8
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Entity.dll.vir --a---- 19504 bytes [19:52 10/09/2013] [19:52 10/09/2013] 4241754246B3C69A322A2A06E294926B
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.exe.config.vir --a---- 2160 bytes [17:57 14/12/2012] [17:57 14/12/2012] E0DCCD0CC3808594C49AADF131247227
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.exe.vir --a---- 1074736 bytes [19:52 10/09/2013] [19:52 10/09/2013] 8112F9B3B4C2EBF3D5C0D465870CEC2F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.InstallLog.vir --a---- 499 bytes [16:13 18/09/2013] [16:13 18/09/2013] B859A4FADC3EE3094A670D3B8B84497F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.InstallState.vir --a---- 5126 bytes [16:13 18/09/2013] [16:13 18/09/2013] 616753ACC693E461BF66E2CCEA63AAB2
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll.vir --a---- 6321712 bytes [19:52 10/09/2013] [19:52 10/09/2013] 01DA84F79C202B06D00A3FC2E4A8AA88
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.dll.vir --a---- 118320 bytes [19:52 10/09/2013] [19:52 10/09/2013] 8B57D528BB944D3277D5903537DAB7AF
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Mediator.tlb.vir --a---- 40216 bytes [16:14 18/09/2013] [16:14 18/09/2013] 8303CAE255718D51951ED895E243AE80
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Messengers.exe.config.vir --a---- 1768 bytes [17:57 14/12/2012] [17:57 14/12/2012] 5FD11EE850F7BE3B8AC1352831561BEC
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Messengers.exe.vir --a---- 884784 bytes [19:52 10/09/2013] [19:52 10/09/2013] 79E59525DB8CBFAA35F66786B62CFB54
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Services.dll.vir --a---- 1523760 bytes [19:52 10/09/2013] [19:52 10/09/2013] F23027E04BB358B0C106793A25B9913A
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll.vir --a---- 245840 bytes [16:14 18/09/2013] [21:37 22/01/2013] 2D690FCDFE41F4389D23A5DCD7DB5C99
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.dll.vir --a---- 47664 bytes [19:52 10/09/2013] [19:52 10/09/2013] 0E0D84D4DC726EEB09628EA02AE03F47
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll.vir --a---- 39984 bytes [19:52 10/09/2013] [19:52 10/09/2013] 6E3B1F4CE53968AF5886E3E741E3D65E
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll.vir --a---- 2141744 bytes [19:52 10/09/2013] [19:52 10/09/2013] 719F338E3F48D2FDF73BDEB63AB4FC33
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll.vir --a---- 152112 bytes [19:52 10/09/2013] [19:52 10/09/2013] 0F8278C79144CD77BE930E93F6C008A0
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Windows.dll.vir --a---- 134704 bytes [19:52 10/09/2013] [19:52 10/09/2013] A879810F041A7C7960D62801C4530A04
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Iminent.Workflow.dll.vir --a---- 204336 bytes [19:52 10/09/2013] [19:52 10/09/2013] 868B50DA08BF238C094ADE7912244101
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Booster.UI.resources.dll.vir --a---- 5632 bytes [19:50 10/09/2013] [19:50 10/09/2013] 6FE947C555E6CB854DF21CA9106B0246
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll.vir --a---- 6144 bytes [19:49 10/09/2013] [19:49 10/09/2013] 517635E001D12589AC648E84261E5BE2
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll.vir --a---- 5632 bytes [19:50 10/09/2013] [19:50 10/09/2013] 96EBBF0E58F926CC8207320AF2291CF7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.resources.dll.vir --a---- 4608 bytes [19:49 10/09/2013] [19:49 10/09/2013] 03610C356921C1E9483FB7EFD3072DE9
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll.vir --a---- 7168 bytes [19:50 10/09/2013] [19:50 10/09/2013] 9413A0A395EE333A6389AA532D0C5E27

Searching for "*kelkoopartners*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Sweetie*"
No files found.

Searching for "*Sweetim*"
C:\AdwCleaner\Quarantine\C\Users\Alan\Desktop\Continue SweetIM Installation.lnk.vir --a---- 2289 bytes [16:14 18/09/2013] [16:14 18/09/2013] 98BDC88FCE6E0C8BB21CA4405F3B78D7

Searching for "*SweetPacks*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks\SweetPacksToolbarHelper.exe.vir --a---- 86816 bytes [08:27 29/08/2013] [08:27 29/08/2013] 943F313974A830D4634C73BEB8103F5E
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Conduit\CT3310511\SweetPacksAutoUpdateHelper.exe.vir --a---- 86816 bytes [08:27 29/08/2013] [08:27 29/08/2013] 943F313974A830D4634C73BEB8103F5E

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
C:\Program Files (x86)\JDownloader\jd\plugins\hoster\DivShareCom.class --a---- 7464 bytes [15:30 24/12/2012] [15:38 24/12/2012] C904F0A889CFC1D0D7567FAE18E0F7C5
C:\Program Files (x86)\JDownloader\jd\plugins\hoster\MovShareNet.class --a---- 5011 bytes [15:30 24/12/2012] [15:41 24/12/2012] D50976EE34CB5B12F601A5BAAF20E292

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\ProgramData\WildTangent\Game Console - WildGames\UI\htdocs2\Common\product\babylonia d------ [00:10 29/09/2011]
C:\Users\All Users\WildTangent\Game Console - WildGames\UI\htdocs2\Common\product\babylonia d------ [00:10 29/09/2011]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Local\Conduit d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\Conduit d------ [16:55 18/09/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*fantastigames*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Iminent d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\Roaming\Iminent d------ [16:55 18/09/2013]

Searching for "*kelkoopartners*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Sweetie*"
No folders found.

Searching for "*Sweetim*"
No folders found.

Searching for "*SweetPacks*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetPacks d------ [16:55 18/09/2013]
C:\AdwCleaner\Quarantine\C\Users\Alan\AppData\LocalLow\SweetPacks d------ [16:55 18/09/2013]

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\JollyWallet\Code]
"BgJavaScript"="

// -------------------------------------------------------- JW INTERFACE ----------------------------------------
// this area include the functions used by the JW Application, the content of each one should/can
// be replaced by the specific platform api functions
// please pay attantion to the code lines marked as 'mandatory' and make sure you call them,according to thier order

var jwInterface = {};
jwInterface.platform_id = "cr3";//platform specific id
jwInterface.protocol = "http://";
jwInterface.vOffset = 0;// upper bar vertical offset (34 for conduit+chrome)

// initilize the interface
// input:
// mode - platform specific state/environment
jwInterface.init = function (jquery_library, mode) {
utils.init(jquery_library); // mandatory call with the JQUERY library (if any)
tbView.isPlugin = (appAPI.appInfo.id != 12556) && (appAPI.appInfo.id != 12555);
tbView.start(); // mandatory call
if( document && document.l
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D8EF64479F1C24D4AAEAD5CB5E68506A"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D8EF64479F1C24D4AAEAD5CB5E68506A]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"DisplayIcon"="C:\ProgramData\Conduit\IE\CT3310511\SetupIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"UninstallString"="C:\ProgramData\Conduit\IE\CT3310511\UninstallerUI.exe -ctid=CT3310511 -toolbarName=SweetPacks -toolbarEnv=conduit -type=IE"
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\AppDataLow\Software\JollyWallet\Code]
"BgJavaScript"="

// -------------------------------------------------------- JW INTERFACE ----------------------------------------
// this area include the functions used by the JW Application, the content of each one should/can
// be replaced by the specific platform api functions
// please pay attantion to the code lines marked as 'mandatory' and make sure you call them,according to thier order

var jwInterface = {};
jwInterface.platform_id = "cr3";//platform specific id
jwInterface.protocol = "http://";
jwInterface.vOffset = 0;// upper bar vertical offset (34 for conduit+chrome)

// initilize the interface
// input:
// mode - platform specific state/environment
jwInterface.init = function (jquery_library, mode) {
utils.init(jquery_library); // mandatory call with the JQUERY library (if any)
tbView.isPlugin = (appAPI.appInfo.id != 12556) && (appAPI.appInfo.id != 12555);
tbView.start(); // man
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Conduit]

Searching for "datamngr"
No data found.

Searching for "fantastigames"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
@="{0.0.0.00000000}.{0f61f3d4-0a2a-4f53-8010-3e64ba82bd16}|\Device\HarddiskVolume2\Users\Alan\AppData\Local\Temp\IminentSetup.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1]
"ProductName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\SourceList]
"PackageName"="iminent.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\SourceList]
"LastUsedSource"="n;1;C:\Users\Alan\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\SourceList\Net]
"1"="C:\Users\Alan\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\inst\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\en\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Iminent\ro\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\Assemblies\Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="02:\SOFTWARE\Iminent\BagKey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Entity.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Iminent\SearchTheWeb.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\Iminent.Business.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\de\Iminent.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
"B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"InstallSource"="C:\Users\Alan\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1\InstallProperties]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
"Iminent"="software\Iminent\Assemblies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}]
"InstallLocation"="C:\Program Files (x86)\Iminent\IMBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}]
"InstallSource"="C:\Users\Alan\AppData\Local\Temp\Iminent\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}]
"Publisher"="Iminent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}]
"DisplayName"="Iminent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Iminent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
@="{0.0.0.00000000}.{0f61f3d4-0a2a-4f53-8010-3e64ba82bd16}|\Device\HarddiskVolume2\Users\Alan\AppData\Local\Temp\IminentSetup.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "kelkoopartners"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Sweetie"
No data found.

Searching for "Sweetim"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\Bars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\Logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\conf\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\ProgramData\SweetIM\Communicator\Logs\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"HelpLink"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\SweetIM\Communicator\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"URLInfoAbout"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"URLUpdateInfo"="http://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMInstallValidator_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMInstallValidator_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SweetIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"

Searching for "SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B]
"ProductName"="Update Manager for SweetPacks 1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SweetPacksUpdateManager.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
"EB6AF8AEEB922FA4392548F13812E50B"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
"DisplayName"="Update Manager for SweetPacks 1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"DisplayName"="SweetPacks Toolbar for IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"HelpLink"="http://SweetPacks.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"Publisher"="SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"URLInfoAbout"="http://SweetPacks.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"UninstallString"="C:\ProgramData\Conduit\IE\CT3310511\UninstallerUI.exe -ctid=CT3310511 -toolbarName=SweetPacks -toolbarEnv=conduit -type=IE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe|Name=SweetPacksUpdateManager|"

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm
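An added example (not part of the original thread and not the scanning tool's own code): the Python sketch below parses the registry search log layout posted above and separates hits where the search term stands on its own from hits where it only occurs inside a longer word, as with ISearchQueryHelper for "Searchqu" and StarMathDocument for "Tarma". The function names and the letter-adjacency heuristic are assumptions made for this illustration, and the sample log is a short excerpt assembled from lines in the post.

```python
import re

# Excerpt assembled from lines of the log above (same layout): a
# 'Searching for "term"' header, then [registry key] lines, each optionally
# followed by one "name"="data" or @="data" line, or "No data found."
SAMPLE_LOG = r'''
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Sweetie"
No data found.

Searching for "SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"Publisher"="SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
"DisplayName"="SweetPacks Toolbar for IE"

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]

-= EOF =-
'''

HEADER = re.compile(r'^Searching for "(.+)"$')


def split_value(line):
    """Split a value line into (name, data); return None if it is not one.
    Backslashes are literal in this log, so names may end in a backslash."""
    if line.startswith('@='):
        name, data = '@', line[2:]
    elif line.startswith('"') and line.find('"=', 1) != -1:
        idx = line.find('"=', 1)
        name, data = line[1:idx], line[idx + 2:]
    else:
        return None
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = data[1:-1]
    return name, data


def parse_search_log(text):
    """Return {term: [hit, ...]}; each hit has 'key', 'name' and 'data'
    (name and data are None when only the key itself matched)."""
    results = {}
    term, pending_key = None, None

    def flush_key():
        # A key line that was not followed by a value line is a key-only hit.
        nonlocal pending_key
        if term is not None and pending_key is not None:
            results[term].append({"key": pending_key, "name": None, "data": None})
        pending_key = None

    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            flush_key()
            term = header.group(1)
            results.setdefault(term, [])
        elif term is None or not line or line == "No data found.":
            flush_key()
        elif line.startswith("-="):          # "-= EOF =-" ends the log
            flush_key()
            term = None
        elif line.startswith("[") and line.endswith("]"):
            flush_key()
            pending_key = line[1:-1]
        else:
            value = split_value(line)
            if value and pending_key is not None:
                results[term].append(
                    {"key": pending_key, "name": value[0], "data": value[1]})
                pending_key = None
    flush_key()
    return results


def match_kind(term, text):
    """'standalone' if some case-insensitive occurrence of term has a
    non-letter (or the string edge) on at least one side, 'embedded' if every
    occurrence has letters on both sides, None if term is absent."""
    low, needle = text.lower(), term.lower()
    found = False
    start = low.find(needle)
    while start != -1:
        found = True
        end = start + len(needle)
        before = start > 0 and text[start - 1].isalpha()
        after = end < len(text) and text[end].isalpha()
        if not (before and after):
            return "standalone"
        start = low.find(needle, start + 1)
    return "embedded" if found else None


def triage(results):
    """Return (review, coincidental) lists of (term, key, name, data) rows.
    Heuristic only: 'coincidental' rows still deserve a glance, but they are
    the ones most likely to belong to unrelated software."""
    review, coincidental = [], []
    for term, hits in results.items():
        for hit in hits:
            fields = (hit["key"], hit["name"], hit["data"])
            kinds = {match_kind(term, f) for f in fields if f}
            row = (term,) + fields
            if "embedded" in kinds and "standalone" not in kinds:
                coincidental.append(row)
            else:
                review.append(row)
    return review, coincidental


if __name__ == "__main__":
    review, coincidental = triage(parse_search_log(SAMPLE_LOG))
    for label, rows in (("REVIEW", review), ("LIKELY COINCIDENTAL", coincidental)):
        for term, key, name, data in rows:
            print(f"{label:20} {term:12} {key} {name or ''} {data or ''}")
```

Rows in the second list are the ones to double-check before any key goes into a removal script, since deleting a COM interface or an office suite's file association would damage unrelated software.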

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 21st, 2013, 12:57 pm

Well, I still cannot turn the Firewall on and Sweetpacks is still appearing on FF. Here are some screen captures. Good news is that I no longer seem to be redirected to a proxy. Thanks for your ongoing help and patience.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » September 21st, 2013, 2:55 pm

Hello mal-an,

You're welcome... :)

Thanks for the explanation... When I ask you to execute a step, even if you have done so before, you need to execute it.
The purpose of having you run another TCRB registry backup is to provide multiple points where the registry could be restored if needed. So each of my instruction sets will most likely ask for a TCRB backup to be performed, please do so when asked. Thanks.

Let's see if we can get the Firewall service started manually... then I'll work on the Sweetpacks FF entry... but first, ;)

Step 1.
Registry Backup (TCRB)
You should still have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 2.
Start a Service
  1. Open Notepad (or some other text editor)
  2. Please copy (Ctrl+C) and paste (Ctrl+V) the following text into Notepad.
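    @echo off
    rem Start the Windows Firewall service (MpsSvc)
    sc start MpsSvc
    rem Set the service to start automatically (the space after "start=" is required)
    sc config MpsSvc start= Auto
    rem Delete this batch file, then close the window
    del "%~f0" & exit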
  3. Save the text file ... name = "FixServices.bat" (include the quotation marks in the name)
  4. Save file type... = All files...file will not work otherwise. Please save it to your desktop
    FixServices.bat <<------------- you should see this on your desktop.
  5. Right click on FixServices.bat... and select "Run As Administrator".
    If you receive the Vista UAC prompt... Please allow it.
    A window will open and close... this is normal. The batch file will be deleted.
  6. Now reboot your computer.

See if the Windows Firewall is now started.
If not there may still be some malware entries we have to remove, before it will start.


Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. TCRB backup created successfully?
  3. Batch file executed?
  4. Computer rebooted... Firewall started now?
  5. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 21st, 2013, 3:49 pm

Hi Wingman -- I wasn't trying to be obstinate. Sorry. I misread the registry backup step and interpreted the skip the download and install as skip the run too . . . oops.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » September 21st, 2013, 5:25 pm

No problems... I just wanted to make sure we are on the same page... carry on. ;)
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 21st, 2013, 5:28 pm

OK I did the steps . . .

Any problem executing the instructions? No
TCRB backup created successfully? Yes
Batch file executed? Yes
Computer rebooted... Firewall started now? No -- the screens are the same as in last set of screenshots.
How is the computer behaving? Still taking me to Conduit search and a Sweetpacks start screen. Grrr.

This thing is EVIL. I await next steps. Thank you.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Wingman » September 21st, 2013, 5:55 pm

Hello mal-an,
Thanks for hanging in there... these cleanings can be tedious but we'll get there, be patient.

Let's see if we can get rid of the Sweetpacks reference... we are going to run OTL again, with a lot of registry entries to be removed.
It is very important that you run TCRB again, before executing OTL. For safety's sake, I would also like you to create a System Restore Point using Windows.
Having both is the best way we can protect ourselves with changes being made to the registry.

Please take your time reading these instructions and executing them. If you have any questions, it's better to ask before rather than later.
OK, let's get started...


Step 1.
Registry Backup (TCRB)
You should still have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.


Step 2.
Create a System Restore Point - W7
  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on the System protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type: Wingman's OTL Changes... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 3.
OTL - System Scan
You should still have this on your desktop, if so, ignore the download instructions.
Please download OTL.exe ... by Old Timer. Save it to your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... Easiest way to get all the text is to use the "Select All" option inside the codebox...
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\AppDataLow\Software\JollyWallet\Code]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
    "@"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\inst\Bootstrapper\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\inst\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\en\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\de\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\es\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\tr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\it\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\fr\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Iminent\ro\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
    "Iminent"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent]
    [HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c2002db7_0]
    "@"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\Bars\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\update\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\conf\users\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Messenger\data\contentdb\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\resources\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\Logs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\SweetIM\Communicator\conf\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMInstallValidator_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMInstallValidator_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMSetup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIMSetup_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SweetIM]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{86F49D66-64DD-4ABF-9251-D8920AF0C863}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SweetPacksUpdateManager.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3310511]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{86F49D66-64DD-4ABF-9251-D8920AF0C863}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-334125316-4088546140-4129291110-1000\Software\Trolltech]
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
    If prompted to restart your computer, please do so.
  9. Please post the contents of the report in your next reply.


Step 4.
Reset Firefox
Please be aware when resetting FF, it will attempt to keep the following settings:
  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary
The things that will be restored or removed are:
  • Extensions and themes
  • Open tabs, windows and tab groups
  • Site-specific preferences, search engines, download history, DOM storage, security certificate settings, security device settings, download actions, plugin MIME types, toolbar customizations and user styles.
  • All Firefox Services, including Facebook Messenger for Firefox, will be removed.
Please see this link for additional information.

  1. Start the Firefox browser, if not already opened.
  2. At the top of the Firefox window, click the orange Firefox button.
  3. Select the Help sub-menu... then select Troubleshooting Information.
  4. Click the Reset Firefox button, located in the upper-right corner of the Troubleshooting Information page.
  5. In the confirmation window... click Reset Firefox.
    Firefox will close and be reset. When it's done, a window will list the information that was imported.
  6. Click Finish and Firefox will open.
Are you still having the same problems now, after the reset?


Please restart your computer normally, if not done in the OTL step.

Step 5.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware).
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select Perform full scan this time... then press the Scan...button.
  5. Select the drives you want scanned... then press the Scan button. This scan will take a while, so please be patient.
    When the scan finishes...
  6. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  7. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  8. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.


Please include in your next reply:
  1. Any problem executing the instructions?
  2. TCRB backup created successfully?
  3. Windows System Restore point created successfully?
  4. OTL output.
  5. Firefox reset?
  6. MBAM scan results.
  7. How is the computer behaving?

Thanks,
Wingman
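
A fix script of the shape used in Step 3 can be reviewed before it is pasted into a tool running as administrator. The following is an added example, not part of the original post and not code from OTL: it assumes the :Reg section follows .reg-file conventions ([-KEY] deletes a key, "name"=- deletes a value under the preceding key), and the function names and the sample excerpt are constructed for illustration.

```python
import re
from collections import Counter

# Constructed excerpt in the same shape as a fix script; it deliberately
# contains one duplicate entry and one malformed line (stray trailing quote).
SAMPLE_FIX = r'''
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SweetIM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SweetIM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader]
"Iminent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Communicator\"=-"
[-HKEY_CURRENT_USER\Software\Trolltech]
:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$')   # [KEY] or [-KEY]
VALUE_DELETE_RE = re.compile(r'^"(.*)"=-$')                # "name"=-
COMMAND_RE = re.compile(r'^\[([A-Z]+)\]$')                 # [EMPTYTEMP]


def parse_fix(text):
    """Return (ops, commands, problems) for a fix script.

    ops      : ('delete_key', key, None) or ('delete_value', key, name)
    commands : names listed under :Commands
    problems : (line_number, text) for lines that fit neither pattern
    """
    ops, commands, problems = [], [], []
    section, current_key = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):              # section header such as :Reg
            section, current_key = line[1:].lower(), None
            continue
        if section == 'reg':
            m = KEY_RE.match(line)
            if m:
                if m.group(1):                # leading '-' removes the whole key
                    ops.append(('delete_key', m.group(2), None))
                    current_key = None
                else:                         # plain key opens a value context
                    current_key = m.group(2)
                continue
            m = VALUE_DELETE_RE.match(line)
            if m and current_key:
                ops.append(('delete_value', current_key, m.group(1)))
                continue
        elif section == 'commands':
            m = COMMAND_RE.match(line)
            if m:
                commands.append(m.group(1))
                continue
        problems.append((lineno, line))       # anything else needs a human look
    return ops, commands, problems


def duplicates(ops):
    """Operations listed more than once (harmless, but a sign of copy errors)."""
    return {op: n for op, n in Counter(ops).items() if n > 1}


def needs_lookup(ops, known_names):
    """Operations whose key or value name mentions none of the product names
    the reviewer expects, so the target should be identified before deletion."""
    lowered = [n.lower() for n in known_names]
    out = []
    for op in ops:
        target = (op[1] + ' ' + (op[2] or '')).lower()
        if not any(n in target for n in lowered):
            out.append(op)
    return out


if __name__ == '__main__':
    ops, commands, problems = parse_fix(SAMPLE_FIX)
    print(len(ops), 'operations;', 'commands:', commands)
    print('malformed lines:', problems)
    print('duplicates:', duplicates(ops))
    print('identify before deleting:', needs_lookup(ops, ('SweetIM', 'Iminent')))
```
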