I'm infected and have been directed here, help appreciated greatly


I've been instructed to get these files posted:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by jimegg at 22:26:21 on 2012-07-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.1209 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\PokerStars\PokerStars.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\mspaint.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show avast! EasyPass Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A65966FD-1B39-4027-9F53-F93BA3973CB6} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A65966FD-1B39-4027-9F53-F93BA3973CB6}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO-X64: PriceGong - No File

BHO-X64: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar - No File

BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE-X64: {25DFF2AF-F542-49B9-84B1-43CE7309EEC1} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe

IE-X64: {3B7E7854-010E-4274-94C0-DEBB34A406F4} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe

IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\jimegg\Desktop\PartyPoker.lnk

AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0D0CtD0E0AtC0DtDtDyE0DyBtDtDyBtAtN0D0TzutBtDtCtBtDyBtDtC&cr=609107336

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0D0CtD0E0AtC0DtDtDyE0DyBtDtDyBtAtN0D0TzutBtDtCtBtDyBtDtC&cr=609107336

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - c22c00730000000000006427375743d9

FF - user.js: extensions.funmoods.instlDay - 15522

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:27:36

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extentions.y2layers.installId - 48598cc2-c54d-444f-91e7-c3b1d29163f6

FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

FF - user.js: extensions.claro.id - c22c00730000000000006427375743d9

FF - user.js: extensions.claro.instlDay - 15540

FF - user.js: extensions.claro.vrsn - 1.6.4.1

FF - user.js: extensions.claro.vrsni - 1.6.4.1

FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.114:04:58

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - iclaro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=2912_4

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c22c00730000000000006427375743d9

FF - user.js: extensions.BabylonToolbar_i.hardId - c22c00730000000000006427375743d9

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15542

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:08:44

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]

R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-9 365568]

R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-22 44808]

R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-6-9 1737464]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-22 655944]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]

R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\system32\Drivers\vm2uvcflt.sys --> C:\windows\system32\Drivers\vm2uvcflt.sys [?]

R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-10 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-14 250056]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-10 136176]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-6-9 9216]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-27 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-23 01:20:13 -------- d-----w- C:\Users\jimegg\AppData\Local\{35D508B0-AAD2-4094-A51B-B57394B008C4}

2012-07-23 01:13:21 -------- d-----w- C:\Users\jimegg\AppData\Local\{12E9EEC5-E24A-4848-A5EC-6F707759BAEF}

2012-07-23 01:12:32 -------- d-----w- C:\Users\jimegg\AppData\Local\{6C639BC3-FE7D-47F5-9FE2-B9FB2E075D17}

2012-07-23 01:00:47 -------- d-----w- C:\Program Files (x86)\Siber Systems

2012-07-23 00:59:29 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2012-07-23 00:59:24 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-07-23 00:59:16 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-07-23 00:57:13 41224 ----a-w- C:\windows\avastSS.scr

2012-07-23 00:55:37 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-23 00:55:37 -------- d-----w- C:\Program Files\AVAST Software

2012-07-23 00:00:29 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{055CBCED-5C7B-45EE-970D-D9753BBAF8A0}\offreg.dll

2012-07-22 23:19:20 -------- d-----w- C:\Program Files\CCleaner

2012-07-22 23:13:29 -------- d-----w- C:\Users\jimegg\AppData\Roaming\Malwarebytes

2012-07-22 23:13:01 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-22 23:12:57 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-07-22 23:12:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-22 23:03:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{E47D68B4-4420-433E-865A-9BDFA98D719E}

2012-07-22 23:03:38 -------- d-----w- C:\Users\jimegg\AppData\Local\{A99647AB-9F6E-4753-AD64-8191D2656D59}

2012-07-22 23:02:21 -------- d-----w- C:\ProgramData\boost_interprocess

2012-07-22 00:09:14 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{055CBCED-5C7B-45EE-970D-D9753BBAF8A0}\mpengine.dll

2012-07-21 10:11:26 -------- d-----w- C:\Users\jimegg\AppData\Local\Ilivid Player

2012-07-21 10:11:03 -------- d-----w- C:\Program Files (x86)\iLivid

2012-07-21 10:10:12 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar

2012-07-21 10:08:31 -------- d-----w- C:\Users\jimegg\AppData\Local\Giant Savings

2012-07-21 10:08:17 -------- d-----w- C:\Program Files (x86)\Giant Savings

2012-07-21 10:07:53 -------- d-----w- C:\Program Files (x86)\FLVPlayer

2012-07-21 00:03:28 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-20 23:49:16 -------- d-----w- C:\Users\jimegg\AppData\Local\{F70A5F8C-ED73-44D6-8F86-EEF477F06AFE}

2012-07-20 23:48:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{72FC5457-49E5-4B2D-A181-5755EA42B89E}

2012-07-19 21:04:11 -------- d-----w- C:\Users\jimegg\AppData\Roaming\Babylon

2012-07-19 21:04:11 -------- d-----w- C:\ProgramData\Babylon

2012-07-19 21:03:50 -------- d-----w- C:\Users\jimegg\AppData\Roaming\ExpressFiles

2012-07-19 20:24:49 -------- d-----w- C:\Users\jimegg\AppData\Local\{0416C744-7562-471A-B1DE-5FD8C5C80354}

2012-07-19 20:24:29 -------- d-----w- C:\Users\jimegg\AppData\Local\{AE267826-487A-40DA-A24E-329A5BAB679B}

2012-07-19 00:45:02 -------- d-----w- C:\Users\jimegg\AppData\Roaming\Canneverbe Limited

2012-07-19 00:45:02 -------- d-----w- C:\ProgramData\Canneverbe Limited

2012-07-18 18:42:59 -------- d-----w- C:\Users\jimegg\AppData\Local\{544C8D90-562D-4B71-AC8D-A4F8759EA97F}

2012-07-18 18:42:45 -------- d-----w- C:\Users\jimegg\AppData\Local\{A2651276-C3B8-4941-8D22-8CA4386A6107}

2012-07-17 18:39:00 -------- d-----w- C:\Users\jimegg\AppData\Local\{7263C307-7409-453A-B074-034B7A785466}

2012-07-17 18:38:47 -------- d-----w- C:\Users\jimegg\AppData\Local\{300B8E1C-9210-4BD8-8DCF-51B16322010F}

2012-07-17 10:13:16 -------- d-----w- C:\Program Files (x86)\PKR

2012-07-17 01:15:29 -------- d-----w- C:\Users\jimegg\AppData\Roaming\Mozilla-Cache

2012-07-17 01:13:13 -------- d-----w- C:\Programs

2012-07-16 20:17:46 -------- d-----w- C:\Users\jimegg\AppData\Local\{350F12D2-5589-4891-A12B-DC1299A3D1C2}

2012-07-16 20:17:33 -------- d-----w- C:\Users\jimegg\AppData\Local\{FA7F6848-79C1-4518-B384-A720DA41F4A4}

2012-07-15 22:47:54 -------- d-----w- C:\Users\jimegg\AppData\Local\{F74D5FAC-E3DC-41A4-B095-E82534A38DCD}

2012-07-14 23:04:47 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-07-14 23:03:45 -------- d-----w- C:\Users\jimegg\AppData\Local\{994AAE84-F5CE-45C9-A349-C2A63EABAA3C}

2012-07-14 23:03:30 -------- d-----w- C:\Users\jimegg\AppData\Local\{68F437C7-4DF2-4BBD-82F3-2576D9F21825}

2012-07-13 22:06:08 -------- d-----w- C:\Users\jimegg\AppData\Local\{C9BBBC80-6D00-4DEB-93DC-89C7710F8062}

2012-07-12 19:42:30 -------- d-----w- C:\Users\jimegg\AppData\Local\{7F39A408-6CFC-4227-A121-3723C6B0EAF9}

2012-07-12 19:42:18 -------- d-----w- C:\Users\jimegg\AppData\Local\{01D7D31D-FF32-44E0-9087-233E9A599E71}

2012-07-11 20:35:15 -------- d-----w- C:\Users\jimegg\AppData\Local\{C2594993-41C1-4CFE-A7A2-EE39FE04C6AD}

2012-07-11 20:35:00 -------- d-----w- C:\Users\jimegg\AppData\Local\{860E8CA2-859C-42B5-A4C2-D74E1867A8E9}

2012-07-11 10:12:20 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-07-11 10:02:03 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-07-11 10:02:02 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-07-11 10:02:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-07-11 10:02:00 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-07-10 21:23:16 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-07-10 21:17:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-10 21:17:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-10 21:17:22 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-10 21:17:22 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-10 21:17:21 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-07-10 21:17:21 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-10 21:17:21 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-10 21:17:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-10 21:17:20 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-10 21:17:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-10 21:17:20 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-10 21:17:20 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-10 21:17:19 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-07-10 18:31:45 -------- d-----w- C:\Users\jimegg\AppData\Local\{8D7F4499-0B39-4EA4-99C9-FA00A2CCDB2F}

2012-07-10 18:31:33 -------- d-----w- C:\Users\jimegg\AppData\Local\{1EA6D522-32B7-4045-A541-DD8D22BF75A2}

2012-07-09 23:49:41 -------- d-----w- C:\Users\jimegg\AppData\Local\{57E65ACF-292D-443A-AC42-840B6F92C55E}

2012-07-09 23:49:29 -------- d-----w- C:\Users\jimegg\AppData\Local\{01D7FF39-60D9-48BD-A387-58D231E66D22}

2012-07-09 11:09:30 -------- d-----w- C:\Users\jimegg\AppData\Local\Audible

2012-07-09 10:51:59 255352 ----a-w- C:\windows\SysWow64\awrdscdc.ax

2012-07-09 10:51:16 24576 ------w- C:\windows\SysWow64\msxml3a.dll

2012-07-09 10:50:38 -------- d-----w- C:\Program Files (x86)\Audible

2012-07-09 08:54:08 -------- d-----w- C:\Users\jimegg\AppData\Local\{4FD9FEB2-A3FE-495A-B50B-4DEFAACD4983}

2012-07-09 08:53:55 -------- d-----w- C:\Users\jimegg\AppData\Local\{3158D9DC-27EE-42C4-B8DC-C4E3DDA3AF81}

2012-07-08 20:34:12 -------- d-----w- C:\Users\jimegg\AppData\Local\{FE34B595-CEC2-4BDC-AB0D-5D31C1C1837A}

2012-07-08 20:33:59 -------- d-----w- C:\Users\jimegg\AppData\Local\{DDD80168-3C20-4996-BD3A-33B07CF87B82}

2012-07-08 07:30:37 -------- d-----w- C:\Users\jimegg\AppData\Local\{7F4E7325-4085-4339-AFC5-6DB22ACF1102}

2012-07-08 07:30:21 -------- d-----w- C:\Users\jimegg\AppData\Local\{3FA2E478-2950-47BF-AA17-AEC5C651E55F}

2012-07-08 07:14:44 -------- d-----w- C:\Users\jimegg\AppData\Local\{9D548CC4-5C47-44CB-AA95-9EE0472EDAB0}

2012-07-08 07:14:00 -------- d-----w- C:\Users\jimegg\AppData\Local\{1BE3BA58-0E62-4932-87BF-42C3B4967B1C}

2012-07-08 07:09:51 -------- d-----w- C:\ProgramData\SweetIM

2012-07-08 07:09:51 -------- d-----w- C:\Program Files (x86)\SweetIM

2012-07-08 07:09:22 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo

2012-07-08 07:08:36 -------- d-----w- C:\Program Files (x86)\Blinkx

2012-07-07 00:45:15 -------- d-----w- C:\Users\jimegg\AppData\Local\{D45EA169-C5E6-4677-9C08-EF1BD5815FF6}

2012-07-07 00:45:02 -------- d-----w- C:\Users\jimegg\AppData\Local\{F67E11C4-26F0-478D-8E1F-AEC60C926223}

2012-07-06 12:44:19 -------- d-----w- C:\Users\jimegg\AppData\Local\{BC58261A-98D7-43FE-9593-7365F72152E8}

2012-07-06 12:43:56 -------- d-----w- C:\Users\jimegg\AppData\Local\{EE2C6535-27CB-47D2-86E5-33A5641826BB}

2012-07-06 07:33:13 -------- d-----w- C:\Users\jimegg\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1

2012-07-06 07:32:49 -------- d-----w- C:\Users\jimegg\SkyPokerLogs

2012-07-06 07:32:38 -------- d-----w- C:\Program Files (x86)\SkyPoker

2012-07-06 07:30:08 -------- d-----w- C:\Users\jimegg\AppData\Local\Adobe

2012-07-05 23:04:24 -------- d-----w- C:\Users\jimegg\AppData\Local\{CF1A5055-9DA3-4CEA-9790-6559E617C243}

2012-07-05 23:04:07 -------- d-----w- C:\Users\jimegg\AppData\Local\{D5CF42BC-222F-4C7D-90D7-C31B5EA2B344}

2012-07-05 02:00:23 -------- d-----w- C:\windows\en

2012-07-05 01:53:30 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-05 01:52:42 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll

2012-07-05 01:52:42 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll

2012-07-05 01:52:40 523088 ----a-w- C:\windows\System32\d3dx10_42.dll

2012-07-05 01:52:40 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll

2012-07-05 01:52:01 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll

2012-07-05 01:52:01 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll

2012-07-05 01:49:58 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7bdf66a51cd5a5002\MeshBetaRemover.exe

2012-07-05 01:49:57 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7aaeb6821cd5a5001\DXSETUP.exe

2012-07-05 01:49:57 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7aaeb6821cd5a5001\dsetup32.dll

2012-07-05 01:49:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7aaeb6821cd5a5001\DSETUP.dll

2012-07-05 01:47:45 -------- d-----w- C:\Users\jimegg\AppData\Local\{E576EFEF-78F1-4753-B132-696FED5B4367}

2012-07-05 01:47:16 -------- d-----w- C:\Users\jimegg\AppData\Local\{650F4ED1-E92B-4C16-9928-D029D1CBB2F8}

2012-07-03 21:02:19 -------- d-----w- C:\Users\jimegg\AppData\Local\{FA0046FC-610F-4F3E-A6B2-81B2B8A86182}

2012-07-03 21:02:03 -------- d-----w- C:\Users\jimegg\AppData\Local\{B333B21B-6FA3-44A9-B59B-2A730D7D1DFE}

2012-07-03 20:09:07 -------- d-----w- C:\Users\jimegg\AppData\Local\{2BDE213C-221D-4001-B1FB-E92FD5599417}

2012-07-03 20:08:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{F7FE8129-95EE-484D-A7E4-845779C6100E}

2012-07-02 23:16:45 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C95A7D0-9A79-49DF-873C-12628B2392CE}\gapaengine.dll

2012-07-02 23:00:14 -------- d-----w- C:\Users\jimegg\AppData\Local\{ECA5D408-8322-42DF-B66D-4A8AFC835DAD}

2012-07-02 13:59:33 294912 ----a-w- C:\windows\System32\browserchoice.exe

2012-07-01 18:29:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-07-01 18:28:53 -------- d-----w- C:\Program Files (x86)\PriceGong

2012-07-01 18:28:21 -------- d-----w- C:\Program Files (x86)\Yontoo

2012-07-01 18:28:16 -------- d-----w- C:\ProgramData\Tarma Installer

2012-07-01 18:27:42 -------- d-----w- C:\Program Files (x86)\Funmoods

2012-07-01 17:57:08 -------- d-----w- C:\Users\jimegg\AppData\Local\{0D2B43DF-E7C0-4C1F-98C4-82353E2DD40B}

2012-07-01 17:56:56 -------- d-----w- C:\Users\jimegg\AppData\Local\{69B1B882-DCDE-4283-83B6-92E989573EA2}

2012-07-01 17:34:11 -------- d-----w- C:\Users\jimegg\AppData\Local\{C97CEF49-7D6F-45DE-A5D7-B18C85F8006B}

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-07-01 04:58:19 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-07-01 04:54:50 -------- d-----w- C:\Users\jimegg\AppData\Local\Apple

2012-06-30 23:07:10 -------- d-----w- C:\Users\jimegg\AppData\Local\{AE3B55E3-42FC-4784-A463-CE5DC38C338C}

2012-06-30 23:06:52 -------- d-----w- C:\Users\jimegg\AppData\Local\{C856F421-A918-4D98-96F1-234B3E352D93}

2012-06-29 21:19:58 -------- d-----w- C:\Users\jimegg\AppData\Local\{EC6AB9BB-8D18-4AD7-8679-0D94088D4E6D}

2012-06-28 09:52:11 -------- d-----w- C:\Users\jimegg\AppData\Local\{A88FBC41-EF72-4286-9067-2653B61AFF18}

2012-06-28 09:51:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{7A59002A-1DC0-4883-87FB-9A0D71D51ED0}

2012-06-28 05:44:41 -------- d-----w- C:\Users\jimegg\AppData\Roaming\OpenCandy

2012-06-28 05:44:20 -------- d-----w- C:\Program Files (x86)\Veetle

2012-06-28 04:57:06 -------- d-----w- C:\Users\jimegg\AppData\Local\{788DE51C-2C65-47C3-8423-61AA4B31B38A}

2012-06-28 04:56:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{70C762CC-8278-410B-94C0-1C618A7D6012}

2012-06-27 12:36:18 -------- d-----w- C:\Users\jimegg\AppData\Local\{89E22EEE-CB8D-45C2-9521-0F6516BFEBAA}

2012-06-27 12:36:02 -------- d-----w- C:\Users\jimegg\AppData\Local\{B56AAF72-723E-4FFE-B42A-49572871BCA2}

2012-06-27 05:08:45 -------- d-----w- C:\Users\jimegg\AppData\Local\{2BC3C8BA-6DAF-42C1-8AF6-165B4B46B569}

2012-06-27 05:07:16 -------- d-----w- C:\Program Files (x86)\Iminent

2012-06-27 05:06:58 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-27 05:06:29 -------- d-----w- C:\Users\jimegg\AppData\Local\CRE

2012-06-27 05:06:23 -------- d-----w- C:\Program Files (x86)\Conduit

2012-06-27 05:06:18 -------- d-----w- C:\Users\jimegg\AppData\Local\Conduit

2012-06-27 05:05:49 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-06-27 05:03:46 -------- d-----w- C:\Users\jimegg\AppData\Roaming\uTorrent

2012-06-27 00:06:51 -------- d-----w- C:\Users\jimegg\AppData\Local\{894BDFDD-A725-4B53-94FD-44995DC75305}

2012-06-26 20:04:25 -------- d-----w- C:\Users\jimegg\AppData\Local\{7EED97D0-F073-4864-83D1-0A55CE51AD13}

2012-06-25 22:43:49 -------- d-----w- C:\Users\jimegg\AppData\Local\{31A271CD-E4DA-4238-A349-D7F962B52F8F}

2012-06-24 23:20:24 -------- d-----w- C:\Users\jimegg\AppData\Local\{CB9E4F59-DA33-4B16-96F7-095C6D085502}

2012-06-23 23:59:26 -------- d-----w- C:\Users\jimegg\AppData\Local\{A4E7A5DF-ABF6-4E73-A425-DEE07BCEE26D}

.

==================== Find3M ====================

.

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll

.

============= FINISH: 22:29:52.47 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/9/2012 4:28:03 PM

System Uptime: 7/22/2012 6:17:27 PM (4 hours ago)

.

Motherboard: LENOVO | | Inagua

Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 254 GiB total, 207.601 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 7.83 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: TCP/IP Protocol Driver

Device ID: ROOT\LEGACY_TCPIP\0000

Manufacturer:

Name: TCP/IP Protocol Driver

PNP Device ID: ROOT\LEGACY_TCPIP\0000

Service: Tcpip

.

==== System Restore Points ===================

.

RP24: 7/4/2012 6:49:58 PM - Windows Live Essentials

RP25: 7/4/2012 6:51:23 PM - Installed DirectX

RP26: 7/4/2012 6:52:09 PM - Installed DirectX

RP27: 7/4/2012 6:53:29 PM - WLSetup

RP28: 7/6/2012 1:58:19 PM - Windows Update

RP29: 7/8/2012 12:24:42 AM - Restore Operation

RP30: 7/8/2012 12:33:55 AM - Removed IMinent Toolbar

RP31: 7/8/2012 12:44:27 AM - Windows Update

RP32: 7/11/2012 3:00:17 AM - Windows Update

RP33: 7/14/2012 4:10:58 PM - Windows Update

RP34: 7/18/2012 11:54:34 AM - Windows Update

RP35: 7/19/2012 2:04:28 PM - Uniblue SpeedUpMyPC installation

RP36: 7/21/2012 5:08:24 PM - Windows Update

RP37: 7/21/2012 5:47:38 PM - Removed BabylonObjectInstaller

RP38: 7/22/2012 5:54:22 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

µTorrent

3Connect

Adobe AIR

Adobe Flash Player 11 ActiveX

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AudibleManager

avast! EasyPass

avast! Free Antivirus

Betsafe Poker 1.0.0

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDBurnerXP

Circus Poker

D3DX10

Energy Management

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

iLivid

Junk Mail filter update

KNOWHOW APP CENTRE

Ladbrokes Poker

Lenovo EasyCamera

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo YouCam

Lenovo_Wireless_Driver

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

ooVoo

PartyPoker

Picasa 3

PKR

PokerStars

Power2Go

PowerXpressHybrid

PriceGong 2.6.4

QuickTime

Searchqu Toolbar

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sky Poker

Stan James

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

UserGuide

Veetle TV

VeriFace

VLC media player 2.0.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

ZTE_1.2059.0.8

.

==== Event Viewer Messages From Past Week ========

.

7/22/2012 8:48:15 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 8:37:17 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.

7/22/2012 6:17:58 PM, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading

7/22/2012 6:17:58 PM, Error: Application Popup [1060] - \??\C:\windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/22/2012 1:00:17 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 57578 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.20:123) is working properly.

.

==== End Of File ===========================

Hope I'm on the right track and you guys can help me out here,

Cheers, Jim

Hello egghead! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

µTorrent

PriceGong 2.6.4

Searchqu Toolbar

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • OTL log with Extras.txt
  • aswMBR log

Can anyone confirm if Maniac is online, or what's the standard procedure? Do I now wait on Maniac to return and continue? I'm not sure because I've had no answer since my last reply. I'm assuming he's just gone offline for the remainder and will resume this thread tomorrow....

Please take a look at my instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
On completion of the scan click save log, save it to your desktop and post in your next reply
In your next reply, post the following log files:
Can anyone confirm if Maniac is online, or what's the standard procedure? Do I now wait on Maniac to return and continue? I'm not sure because I've had no answer since my last reply. I'm assuming he's just gone offline for the remainder and will resume this thread tomorrow....

I'm online when my account shows I'm online. I'm from Bulgaria and here we are in a different time zone.

OTL logfile created on: 7/22/2012 11:19:54 PM - Run 1

OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\jimegg\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 55.09% Memory free

7.21 Gb Paging File | 5.09 Gb Available in Paging File | 70.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254.14 Gb Total Space | 207.63 Gb Free Space | 81.70% Space Free | Partition Type: NTFS

Drive D: | 29.00 Gb Total Space | 7.83 Gb Free Space | 27.00% Space Free | Partition Type: NTFS

Computer Name: JIMEGG-PC | User Name: jimegg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 23:14:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jimegg\Downloads\OTL.exe

PRC - [2012/07/22 18:00:35 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2012/07/20 17:06:52 | 008,121,688 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStars\PokerStars.exe

PRC - [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/07/08 05:31:34 | 000,876,032 | ---- | M] () -- C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/03/10 10:13:46 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

PRC - [2011/01/28 16:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

PRC - [2010/01/19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

========== Modules (No Company Name) ==========

MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll

MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll

MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll

MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll

MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll

MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll

MOD - [2012/07/08 05:31:34 | 000,876,032 | ---- | M] () -- C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe

MOD - [2012/03/10 10:13:44 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/08/09 22:59:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/08/09 14:46:16 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/14 16:04:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/14 15:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/10 10:33:16 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2012/03/10 10:32:54 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2012/03/10 10:29:28 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)

DRV:64bit: - [2012/03/10 10:29:28 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/28 20:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/09/28 20:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/08/09 15:33:32 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/08/09 14:08:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/10 02:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/01/28 16:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/12/10 12:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)

DRV:64bit: - [2010/11/28 13:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/28 03:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/09/21 15:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)

DRV:64bit: - [2010/09/02 22:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/06/24 19:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/05/14 15:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/05/14 15:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/01/19 04:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV:64bit: - [2010/01/19 04:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV:64bit: - [2010/01/19 04:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV:64bit: - [2010/01/19 04:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)

DRV - [2010/01/19 04:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010/01/19 04:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010/01/19 04:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2010/01/19 04:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\massfilter.sys -- (massfilter)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=2912_4&babsrc=SP_ss&mntrId=c22c00730000000000006427375743d9

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB489

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/22 17:58:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/07/22 18:04:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/30 21:58:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/22 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Extensions

[2012/06/26 22:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions

[2012/06/26 22:06:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/07/22 23:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions

[2012/07/21 03:08:31 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\crossriderapp4479@crossrider.com

[2012/07/09 01:54:41 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com

[2012/07/01 11:28:22 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com

[2012/07/21 03:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\staged

[2012/07/21 03:10:13 | 000,002,519 | ---- | M] () -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\searchplugins\Search_Results.xml

[2012/07/22 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/07/21 03:08:25 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/21 03:10:13 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.iminent.com/?appId=7BFBCE47-B639-4851-B556-DCE8D9DBF1D9

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://search.iminent.com/?appId=7BFBCE47-B639-4851-B556-DCE8D9DBF1D9

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.3_0\

CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\

CHR - Extension: Turn Off the Lights = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\

CHR - Extension: Grooveshark = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blelaljgakacjdeaggpjilljobdmboff\1.7_0\

CHR - Extension: Scroll To Top Button = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp\6.1.9_0\

CHR - Extension: Liverpool FC Reader = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmapjkjepgghkjajoahicmggbabonhbp\0.4.0_0\

CHR - Extension: FB Photo Zoom = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\

CHR - Extension: Silver Bird = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.12_0\

CHR - Extension: PanicButton = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\

CHR - Extension: Radioplayer = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch\0.93_1\

CHR - Extension: Facebook for Chrome = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\3.1.6_0\

CHR - Extension: Click&Clean = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\

CHR - Extension: AdBlock = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: avast! WebRep = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Grammar and Spell Checker by Ginger = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh\0.1.0.24_0\

CHR - Extension: Simple Adblock = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.1_0\

CHR - Extension: +Photo Zoom = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0\

CHR - Extension: Facebook Notifications = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\

CHR - Extension: 365Scores Notifier = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko\1.5.5_0\

CHR - Extension: Hover Zoom = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.5_0\

CHR - Extension: Google Chrome to Phone Extension = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

CHR - Extension: Free Games = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnlkojnclefkippkkijniiobhpappnm\1.0_0\

CHR - Extension: Evernote Web Clipper = C:\Users\jimegg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - !{724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{724d43a0-0d85-11d4-9908-00400523e39a} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)

O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3662268462-3518825402-646425025-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-3662268462-3518825402-646425025-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A65966FD-1B39-4027-9F53-F93BA3973CB6}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{2f37fd7b-b2c7-11e1-ab90-6427375743d9}\Shell - "" = AutoRun

O33 - MountPoints2\{2f37fd7b-b2c7-11e1-ab90-6427375743d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{be2c3167-b2b7-11e1-b79a-6427375743d9}\Shell - "" = AutoRun

O33 - MountPoints2\{be2c3167-b2b7-11e1-b79a-6427375743d9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 23:09:32 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{CE6BD1B0-9563-4D11-90CC-C888C35F8AB3}

[2012/07/22 23:09:17 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{C5F6EB8B-BDFA-4BF8-865B-5B5A6556BAC7}

[2012/07/22 18:20:13 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{35D508B0-AAD2-4094-A51B-B57394B008C4}

[2012/07/22 18:13:21 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{12E9EEC5-E24A-4848-A5EC-6F707759BAEF}

[2012/07/22 18:12:32 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{6C639BC3-FE7D-47F5-9FE2-B9FB2E075D17}

[2012/07/22 18:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass

[2012/07/22 18:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm

[2012/07/22 18:03:04 | 000,000,000 | ---D | C] -- C:\Users\jimegg\Documents\My Avast EasyPass Data

[2012/07/22 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems

[2012/07/22 17:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/07/22 17:59:41 | 000,355,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2012/07/22 17:59:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2012/07/22 17:59:29 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2012/07/22 17:59:27 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2012/07/22 17:59:24 | 000,958,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2012/07/22 17:59:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012/07/22 17:59:14 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012/07/22 17:57:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2012/07/22 17:57:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012/07/22 17:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/07/22 17:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/07/22 16:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/22 16:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/07/22 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Malwarebytes

[2012/07/22 16:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/22 16:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/22 16:12:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/22 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/22 16:03:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{E47D68B4-4420-433E-865A-9BDFA98D719E}

[2012/07/22 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{A99647AB-9F6E-4753-AD64-8191D2656D59}

[2012/07/22 16:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/07/21 03:11:26 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Ilivid Player

[2012/07/21 03:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid

[2012/07/21 03:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar

[2012/07/21 03:08:31 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Giant Savings

[2012/07/21 03:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings

[2012/07/21 03:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer

[2012/07/21 03:07:53 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

[2012/07/20 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{F70A5F8C-ED73-44D6-8F86-EEF477F06AFE}

[2012/07/20 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{72FC5457-49E5-4B2D-A181-5755EA42B89E}

[2012/07/19 14:04:11 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Babylon

[2012/07/19 14:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/07/19 14:03:50 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\ExpressFiles

[2012/07/19 13:24:49 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{0416C744-7562-471A-B1DE-5FD8C5C80354}

[2012/07/19 13:24:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{AE267826-487A-40DA-A24E-329A5BAB679B}

[2012/07/18 17:45:02 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Canneverbe Limited

[2012/07/18 17:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2012/07/18 17:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP

[2012/07/18 11:42:59 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{544C8D90-562D-4B71-AC8D-A4F8759EA97F}

[2012/07/18 11:42:45 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{A2651276-C3B8-4941-8D22-8CA4386A6107}

[2012/07/17 20:49:50 | 000,000,000 | ---D | C] -- C:\Users\jimegg\Documents\pkr

[2012/07/17 11:39:00 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{7263C307-7409-453A-B074-034B7A785466}

[2012/07/17 11:38:47 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{300B8E1C-9210-4BD8-8DCF-51B16322010F}

[2012/07/17 03:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKR

[2012/07/17 03:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PKR

[2012/07/16 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Mozilla-Cache

[2012/07/16 18:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker

[2012/07/16 18:13:13 | 000,000,000 | ---D | C] -- C:\Programs

[2012/07/16 13:17:46 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{350F12D2-5589-4891-A12B-DC1299A3D1C2}

[2012/07/16 13:17:33 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{FA7F6848-79C1-4518-B384-A720DA41F4A4}

[2012/07/15 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{F74D5FAC-E3DC-41A4-B095-E82534A38DCD}

[2012/07/14 16:04:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012/07/14 16:03:45 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{994AAE84-F5CE-45C9-A349-C2A63EABAA3C}

[2012/07/14 16:03:30 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{68F437C7-4DF2-4BBD-82F3-2576D9F21825}

[2012/07/13 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{C9BBBC80-6D00-4DEB-93DC-89C7710F8062}

[2012/07/12 12:42:30 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{7F39A408-6CFC-4227-A121-3723C6B0EAF9}

[2012/07/12 12:42:18 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{01D7D31D-FF32-44E0-9087-233E9A599E71}

[2012/07/11 13:35:15 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{C2594993-41C1-4CFE-A7A2-EE39FE04C6AD}

[2012/07/11 13:35:00 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{860E8CA2-859C-42B5-A4C2-D74E1867A8E9}

[2012/07/10 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{8D7F4499-0B39-4EA4-99C9-FA00A2CCDB2F}

[2012/07/10 11:31:33 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{1EA6D522-32B7-4045-A541-DD8D22BF75A2}

[2012/07/09 16:49:41 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{57E65ACF-292D-443A-AC42-840B6F92C55E}

[2012/07/09 16:49:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{01D7FF39-60D9-48BD-A387-58D231E66D22}

[2012/07/09 04:09:30 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Audible

[2012/07/09 03:51:59 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\windows\SysWow64\awrdscdc.ax

[2012/07/09 03:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager

[2012/07/09 03:50:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible

[2012/07/09 03:50:38 | 000,000,000 | ---D | C] -- C:\Users\jimegg\Documents\Audible

[2012/07/09 03:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible

[2012/07/09 01:54:08 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{4FD9FEB2-A3FE-495A-B50B-4DEFAACD4983}

[2012/07/09 01:53:55 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{3158D9DC-27EE-42C4-B8DC-C4E3DDA3AF81}

[2012/07/08 13:34:12 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{FE34B595-CEC2-4BDC-AB0D-5D31C1C1837A}

[2012/07/08 13:33:59 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{DDD80168-3C20-4996-BD3A-33B07CF87B82}

[2012/07/08 00:30:37 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{7F4E7325-4085-4339-AFC5-6DB22ACF1102}

[2012/07/08 00:30:21 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{3FA2E478-2950-47BF-AA17-AEC5C651E55F}

[2012/07/08 00:14:44 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{9D548CC4-5C47-44CB-AA95-9EE0472EDAB0}

[2012/07/08 00:14:00 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{1BE3BA58-0E62-4932-87BF-42C3B4967B1C}

[2012/07/08 00:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM

[2012/07/08 00:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM

[2012/07/08 00:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNTERNET Turbo

[2012/07/08 00:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blinkx

[2012/07/06 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{D45EA169-C5E6-4677-9C08-EF1BD5815FF6}

[2012/07/06 17:45:02 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{F67E11C4-26F0-478D-8E1F-AEC60C926223}

[2012/07/06 05:44:19 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{BC58261A-98D7-43FE-9593-7365F72152E8}

[2012/07/06 05:43:56 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{EE2C6535-27CB-47D2-86E5-33A5641826BB}

[2012/07/06 00:33:13 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1

[2012/07/06 00:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/07/06 00:32:49 | 000,000,000 | ---D | C] -- C:\Users\jimegg\SkyPokerLogs

[2012/07/06 00:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkyPoker

[2012/07/06 00:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/07/06 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012/07/06 00:30:08 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Adobe

[2012/07/05 16:04:24 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{CF1A5055-9DA3-4CEA-9790-6559E617C243}

[2012/07/05 16:04:07 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{D5CF42BC-222F-4C7D-90D7-C31B5EA2B344}

[2012/07/04 19:00:23 | 000,000,000 | ---D | C] -- C:\windows\en

[2012/07/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{E576EFEF-78F1-4753-B132-696FED5B4367}

[2012/07/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{650F4ED1-E92B-4C16-9928-D029D1CBB2F8}

[2012/07/03 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{FA0046FC-610F-4F3E-A6B2-81B2B8A86182}

[2012/07/03 14:02:03 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{B333B21B-6FA3-44A9-B59B-2A730D7D1DFE}

[2012/07/03 13:09:07 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{2BDE213C-221D-4001-B1FB-E92FD5599417}

[2012/07/03 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{F7FE8129-95EE-484D-A7E4-845779C6100E}

[2012/07/02 16:00:14 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{ECA5D408-8322-42DF-B66D-4A8AFC835DAD}

[2012/07/01 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\vlc

[2012/07/01 11:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/07/01 11:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012/07/01 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo

[2012/07/01 11:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/07/01 11:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods

[2012/07/01 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{0D2B43DF-E7C0-4C1F-98C4-82353E2DD40B}

[2012/07/01 10:56:56 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{69B1B882-DCDE-4283-83B6-92E989573EA2}

[2012/07/01 10:34:11 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{C97CEF49-7D6F-45DE-A5D7-B18C85F8006B}

[2012/07/01 10:33:54 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Apple Computer

[2012/06/30 21:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/30 21:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012/06/30 21:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/06/30 21:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012/06/30 21:54:50 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Apple

[2012/06/30 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/06/30 21:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/06/30 16:07:10 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{AE3B55E3-42FC-4784-A463-CE5DC38C338C}

[2012/06/30 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{C856F421-A918-4D98-96F1-234B3E352D93}

[2012/06/29 14:19:58 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{EC6AB9BB-8D18-4AD7-8679-0D94088D4E6D}

[2012/06/28 02:52:11 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{A88FBC41-EF72-4286-9067-2653B61AFF18}

[2012/06/28 02:51:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{7A59002A-1DC0-4883-87FB-9A0D71D51ED0}

[2012/06/27 22:44:41 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\OpenCandy

[2012/06/27 22:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle

[2012/06/27 22:01:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Mozilla

[2012/06/27 22:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/06/27 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/06/27 22:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/06/27 21:57:06 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{788DE51C-2C65-47C3-8423-61AA4B31B38A}

[2012/06/27 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{70C762CC-8278-410B-94C0-1C618A7D6012}

[2012/06/27 21:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations

[2012/06/27 11:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stan James

[2012/06/27 05:36:18 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{89E22EEE-CB8D-45C2-9521-0F6516BFEBAA}

[2012/06/27 05:36:02 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{B56AAF72-723E-4FFE-B42A-49572871BCA2}

[2012/06/26 22:08:45 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{2BC3C8BA-6DAF-42C1-8AF6-165B4B46B569}

[2012/06/26 22:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent

[2012/06/26 22:06:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\CRE

[2012/06/26 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Mozilla

[2012/06/26 22:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/06/26 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Conduit

[2012/06/26 17:06:51 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{894BDFDD-A725-4B53-94FD-44995DC75305}

[2012/06/26 13:04:25 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{7EED97D0-F073-4864-83D1-0A55CE51AD13}

[2012/06/25 15:43:49 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{31A271CD-E4DA-4238-A349-D7F962B52F8F}

[2012/06/24 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{CB9E4F59-DA33-4B16-96F7-095C6D085502}

[2012/06/23 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\{A4E7A5DF-ABF6-4E73-A425-DEE07BCEE26D}

========== Files - Modified Within 30 Days ==========

[2012/07/22 23:23:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/22 23:16:00 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/22 23:16:00 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/22 23:13:17 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/22 23:13:17 | 000,626,278 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/22 23:13:17 | 000,107,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/22 23:08:16 | 000,169,421 | ---- | M] () -- C:\windows\SysNative\fastboot.set

[2012/07/22 23:07:38 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl

[2012/07/22 23:07:21 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/22 23:06:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/22 23:06:36 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/22 23:00:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/22 17:59:43 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/07/22 17:59:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012/07/22 16:19:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/07/22 16:13:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/21 03:11:25 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Play Games.lnk

[2012/07/21 03:11:25 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk

[2012/07/21 03:11:25 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk

[2012/07/21 03:09:05 | 000,000,345 | ---- | M] () -- C:\user.js

[2012/07/21 03:07:53 | 000,001,021 | ---- | M] () -- C:\Users\jimegg\Desktop\FLV Player.lnk

[2012/07/18 17:44:31 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012/07/17 03:13:33 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Play PKR Lite.lnk

[2012/07/17 03:13:33 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Play PKR.lnk

[2012/07/16 18:15:03 | 000,001,719 | ---- | M] () -- C:\Users\jimegg\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk

[2012/07/16 18:15:03 | 000,001,695 | ---- | M] () -- C:\Users\jimegg\Desktop\PartyPoker.lnk

[2012/07/11 18:47:58 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/07/11 13:34:00 | 000,000,363 | ---- | M] () -- C:\Users\jimegg\Documents\RecentPlaces.lnk

[2012/07/11 13:32:30 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/09 03:52:13 | 000,001,965 | ---- | M] () -- C:\Users\jimegg\Desktop\Audible Manager.lnk

[2012/07/09 03:51:59 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\windows\SysWow64\awrdscdc.ax

[2012/07/08 00:32:19 | 000,000,866 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog

[2012/07/08 00:08:01 | 000,000,000 | ---- | M] () -- C:\ProgramData\afeef81b20ad2a5767fe51669624b753_c

[2012/07/06 00:32:42 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\SkyPoker.lnk

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012/07/03 09:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012/07/01 11:30:29 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/30 21:57:53 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/28 02:57:35 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif

[2012/06/27 22:01:36 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/27 11:43:34 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Stan James.lnk

========== Files Created - No Company Name ==========

[2012/07/22 17:59:43 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/07/22 17:59:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2012/07/22 16:19:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/07/22 16:13:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/21 03:11:25 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Play Games.lnk

[2012/07/21 03:11:25 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk

[2012/07/21 03:07:53 | 000,001,021 | ---- | C] () -- C:\Users\jimegg\Desktop\FLV Player.lnk

[2012/07/21 03:07:46 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk

[2012/07/19 14:05:35 | 000,000,345 | ---- | C] () -- C:\user.js

[2012/07/18 17:44:31 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012/07/18 17:44:31 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

[2012/07/17 03:13:33 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Play PKR Lite.lnk

[2012/07/17 03:13:33 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Play PKR.lnk

[2012/07/16 18:15:03 | 000,001,719 | ---- | C] () -- C:\Users\jimegg\Application Data\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk

[2012/07/16 18:15:03 | 000,001,695 | ---- | C] () -- C:\Users\jimegg\Desktop\PartyPoker.lnk

[2012/07/14 16:04:52 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/07/09 03:52:13 | 000,001,965 | ---- | C] () -- C:\Users\jimegg\Desktop\Audible Manager.lnk

[2012/07/08 00:08:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\afeef81b20ad2a5767fe51669624b753_c

[2012/07/06 00:32:42 | 000,000,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkyPoker.lnk

[2012/07/06 00:32:42 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\SkyPoker.lnk

[2012/07/01 11:30:29 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/30 21:57:53 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/30 21:54:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/06/27 22:01:36 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/06/27 22:01:36 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/27 11:43:34 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Stan James.lnk

[2012/06/26 22:07:52 | 000,000,866 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog

[2012/06/09 23:45:34 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\drivers\mdvrmng.sys

[2012/06/09 19:05:24 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/06/09 18:48:26 | 000,017,408 | ---- | C] () -- C:\Users\jimegg\AppData\Local\WebpageIcons.db

[2012/03/10 10:39:58 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin

[2012/03/10 10:39:58 | 000,000,512 | ---- | C] () -- C:\windows\current.bin

[2012/03/10 10:13:58 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll

[2012/03/10 10:13:58 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2012/03/10 10:13:58 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2012/03/10 10:13:58 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll

[2012/03/10 10:13:37 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2012/03/10 09:49:37 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini

[2012/03/10 09:49:37 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini

[2012/03/10 09:34:30 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2012/03/10 09:30:07 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2011/08/09 22:56:20 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2012/07/19 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\Babylon

[2012/06/09 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\Birdstep Technology

[2012/07/18 17:45:02 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\Canneverbe Limited

[2012/07/06 00:33:13 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1

[2012/07/19 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\ExpressFiles

[2012/07/18 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\Microgaming

[2012/07/18 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\jimegg\AppData\Roaming\OpenCandy

[2009/07/13 22:08:49 | 000,021,868 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-22 23:49:53

-----------------------------

23:49:53.344 OS Version: Windows x64 6.1.7601 Service Pack 1

23:49:53.344 Number of processors: 2 586 0x100

23:49:53.344 ComputerName: JIMEGG-PC UserName: jimegg

23:49:56.129 Initialize success

23:49:57.162 AVAST engine defs: 12072302

23:50:02.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067

23:50:02.793 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11

23:50:02.887 Disk 0 MBR read successfully

23:50:02.903 Disk 0 MBR scan

23:50:02.918 Disk 0 Windows 7 default MBR code

23:50:02.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

23:50:03.105 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648

23:50:03.105 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312

23:50:03.246 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528

23:50:03.402 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360

23:50:03.605 Disk 0 scanning C:\windows\system32\drivers

23:50:17.761 Service scanning

23:50:48.513 Modules scanning

23:50:49.059 Disk 0 trace - called modules:

23:50:49.090 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys

23:50:49.106 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004120060]

23:50:49.137 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa8003fd2780]

23:50:49.153 5 amd_xata.sys[fffff880010667a8] -> nt!IofCallDriver -> [0xfffffa8003fd2040]

23:50:49.168 7 ACPI.sys[fffff88000efe7a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8003c07640]

23:50:50.665 AVAST engine scan C:\windows

23:50:54.504 AVAST engine scan C:\windows\system32

23:54:46.931 AVAST engine scan C:\windows\system32\drivers

23:55:03.586 AVAST engine scan C:\Users\jimegg

23:57:42.332 Disk 0 MBR has been saved successfully to "C:\Users\jimegg\Downloads\MBR.dat"

23:57:42.363 The log file has been saved successfully to "C:\Users\jimegg\Downloads\aswMBR.txt"

Hope this is ok mate, sorry for the confusion.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=2912_4&babsrc=SP_ss&mntrId=c22c00730000000000006427375743d9
    IE - HKU\S-1-5-21-3662268462-3518825402-646425025-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
    [2012/06/26 22:06:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/09 01:54:41 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com
    [2012/07/01 11:28:22 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com
    [2012/07/21 03:10:13 | 000,002,519 | ---- | M] () -- C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\searchplugins\Search_Results.xml
    [2012/07/21 03:08:25 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/07/21 03:10:13 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    CHR - homepage: http://search.iminent.com/?appId=7BFBCE47-B639-4851-B556-DCE8D9DBF1D9
    CHR - homepage: http://search.iminent.com/?appId=7BFBCE47-B639-4851-B556-DCE8D9DBF1D9
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O4 - HKU\S-1-5-21-3662268462-3518825402-646425025-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found
    O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar" File not found
    [2012/07/19 14:04:11 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Roaming\Babylon
    [2012/07/19 14:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/07/21 03:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
    [2012/07/22 16:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2012/07/08 00:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
    [2012/07/08 00:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
    [2012/07/01 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
    [2012/07/01 11:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/07/01 11:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
    [2012/06/26 22:06:29 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\CRE
    [2012/06/26 22:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/06/26 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\jimegg\AppData\Local\Conduit

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Here's the results Maniac, appreciate your help thus far,

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKU\S-1-5-21-3662268462-3518825402-646425025-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

HKEY_USERS\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Search Results" removed from browser.search.selectedEngine

Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage

Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" removed from keyword.URL

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\ffxtlbr@funmoods.com folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\skin folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\locale folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\defaults folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com\content folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\extensions\plugin@yontoo.com folder moved successfully.

C:\Users\jimegg\AppData\Roaming\Mozilla\Firefox\Profiles\3uq4laqp.default\searchplugins\Search_Results.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to change the HomePage.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_USERS\S-1-5-21-3662268462-3518825402-646425025-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.

C:\Users\jimegg\AppData\Roaming\Babylon folder moved successfully.

C:\ProgramData\Babylon folder moved successfully.

Folder C:\Program Files (x86)\Searchqu Toolbar\ not found.

C:\ProgramData\boost_interprocess\BE232EEA5D68CD01 folder moved successfully.

C:\ProgramData\boost_interprocess folder moved successfully.

C:\ProgramData\SweetIM\Messenger\update folder moved successfully.

C:\ProgramData\SweetIM\Messenger\logs folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\packages folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars\Default folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data\Bars folder moved successfully.

C:\ProgramData\SweetIM\Messenger\data folder moved successfully.

C:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.

C:\ProgramData\SweetIM\Messenger\conf folder moved successfully.

C:\ProgramData\SweetIM\Messenger folder moved successfully.

C:\ProgramData\SweetIM folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.

C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.

C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.

C:\Program Files (x86)\SweetIM folder moved successfully.

C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Cache folder moved successfully.

C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053} folder moved successfully.

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.

C:\ProgramData\Tarma Installer folder moved successfully.

Folder C:\Program Files (x86)\Funmoods\ not found.

C:\Users\jimegg\AppData\Local\CRE folder moved successfully.

C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.

C:\Program Files (x86)\Conduit folder moved successfully.

C:\Users\jimegg\AppData\Local\Conduit folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\jimegg\Downloads\cmd.bat deleted successfully.

C:\Users\jimegg\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56478 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: jimegg

->Temp folder emptied: 13190896 bytes

->Temporary Internet Files folder emptied: 5664783 bytes

->FireFox cache emptied: 43717787 bytes

->Google Chrome cache emptied: 9734438 bytes

->Flash cache emptied: 15257411 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3163373 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 87.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.1 log created on 07232012_161729

Files\Folders moved on Reboot...

C:\Users\jimegg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\jimegg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


I'm a bit strapped for cash at the minute but I will add you in for future donation for sure, because this is great service and who knows, I can see myself coming back here in the future.

Note: just seen small print, which is why I didn't address it in above post :)

Jim.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.