Jump to content

Recommended Posts

Tried following instructions in forum link http://forums.malwarebytes.org/index.php?showtopic=85715 with no success. Still unable to load or install Malwarebytes or other anti-spyware programs available. Please help! dds.txt and attach.txt files copied and pasted as follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_26

Run by John at 18:39:51 on 2013-02-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8183.6211 [GMT 8:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe

C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe

C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Windows\runservice.exe

C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\SnugTV\SnugTV Station\QuickStart.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Users\John\Desktop\procexp.exe

C:\Users\John\Desktop\procexp64.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [1] C:\Users\John\Desktop\mbam-chameleon.exe /r /p

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERQU~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNUGTV~1.LNK - C:\Windows\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{557B1535-73FF-40DE-84FB-B3E6F0B29BE3} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{72207755-80ED-4943-AA2A-3ED96CED909C} : DHCPNameServer = 10.143.147.147 10.143.147.148

TCP: Interfaces\{FE4A0E39-AD47-495E-B83B-609C465CD7F2} : DHCPNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: ScCertProp - <no file>

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-12-21 09:33; wrc@avast.com; C:\Program Files\Alwil Software\Avast5\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-1-8 1263200]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-29 601944]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-3 301912]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-1-8 3246040]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-5 203776]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-3 24408]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-3 65368]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-12-20 44808]

R2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2011-5-6 348160]

R2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-5-6 397312]

R2 AVerUpdateServer;AVerUpdateServer;C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-1-6 168448]

R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2013-1-20 2560]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-3 1153368]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 SnugTV Service;SnugTV Service;C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2011-1-5 570880]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-1-8 285280]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-28 408680]

R3 TRIDCap;AVerMedia service;C:\Windows\System32\drivers\AVerTM62_x64.sys [2011-5-6 1593216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-8 129440]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-12 19456]

S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-12 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-31 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\John\Downloads\RealTemp_370\WinRing0x64.sys [2013-1-9 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-02-03 09:23:50 -------- d-----w- C:\Windows\pss

2013-02-03 08:49:48 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-03 08:35:02 98816 ----a-w- C:\Windows\sed.exe

2013-02-03 08:35:02 256000 ----a-w- C:\Windows\PEV.exe

2013-02-03 08:35:02 208896 ----a-w- C:\Windows\MBR.exe

2013-02-03 02:47:14 -------- d-----w- C:\Users\John\AppData\Local\{75525110-B219-4D25-91DD-46F35C3DE977}

2013-02-02 03:04:40 -------- d-----w- C:\Program Files (x86)\uTorrent

2013-02-02 02:55:31 -------- d-----w- C:\Users\John\AppData\Roaming\BitTorrent

2013-02-02 02:18:42 -------- d-----w- C:\Users\John\AppData\Local\{FE26A84B-B467-4239-BE2E-68B32502EA52}

2013-02-01 10:27:26 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A2850E8-7929-4EBB-A227-9A22B1BD7707}\mpengine.dll

2013-02-01 07:14:29 -------- d-----w- C:\Users\John\AppData\Local\Programs

2013-02-01 02:09:01 -------- d-----w- C:\Users\John\AppData\Local\{0C196007-DA70-4867-8D29-34511A2051E9}

2013-01-31 14:08:36 -------- d-----w- C:\Users\John\AppData\Local\{2B42EEB7-2D35-4720-B82C-E013BB038C80}

2013-01-30 10:01:51 -------- d-----w- C:\Users\John\AppData\Local\{67883E21-003C-48E1-B1FA-B91EC2B012AE}

2013-01-29 12:46:41 -------- d-----w- C:\Users\John\AppData\Local\{C97C12C6-8B96-419F-85E0-937DD20E7186}

2013-01-28 03:47:07 -------- d-----w- C:\Users\John\AppData\Local\{078C3D0E-9763-4C55-93F7-C96A7A882061}

2013-01-27 15:46:42 -------- d-----w- C:\Users\John\AppData\Local\{B03EBEA4-EF68-4408-BA27-82C63B98B3E1}

2013-01-27 02:44:16 -------- d-----w- C:\Users\John\AppData\Local\{7399CBAD-BA95-4516-8F33-F4788990C7EE}

2013-01-26 09:13:04 -------- d-----w- C:\Users\John\AppData\Local\{6EA6D1B1-7CAE-40DE-AA6E-6B049E461F85}

2013-01-24 09:51:55 -------- d-----w- C:\Users\John\AppData\Local\{49FE822E-66A8-45AD-8E6D-9F0F9A8FB62E}

2013-01-22 08:29:52 -------- d-----w- C:\Users\John\AppData\Local\{8710CE29-8AB5-44D8-A781-2CC829E9CBCA}

2013-01-20 06:54:21 -------- d-----w- C:\Users\John\AppData\Roaming\Childish Things

2013-01-20 06:49:08 126976 ----a-w- C:\Windows\lcmmfu.cpl

2013-01-20 06:49:07 681 --sha-w- C:\Windows\SysWow64\mmf.sys

2013-01-20 06:49:07 48640 ----a-w- C:\Windows\mmfs.dll

2013-01-20 06:49:07 2560 ----a-w- C:\Windows\Runservice.exe

2013-01-20 06:48:49 -------- d-----w- C:\Program Files (x86)\Childish Things

2013-01-20 04:57:23 -------- d-----w- C:\Users\John\AppData\Local\{561283BE-B2B1-4C22-A48E-75BA7EC748BB}

2013-01-18 00:29:15 -------- d-----w- C:\Users\John\AppData\Local\{AC4695FC-DE74-4D83-AB48-50536543036A}

2013-01-17 04:31:36 -------- d-----w- C:\Users\John\AppData\Local\{03684BE7-5B5D-42EC-A173-8332729D3D08}

2013-01-12 12:13:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-01-12 12:13:49 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-01-12 12:13:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-01-12 12:13:49 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-01-12 12:13:49 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-01-12 12:13:49 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-01-12 12:13:49 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-01-12 12:13:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-01-12 12:13:45 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-01-12 08:41:48 -------- d-----w- C:\Users\John\AppData\Local\{4D400E06-472C-435B-9688-DE6AAC317E36}

2013-01-09 20:25:57 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 20:25:57 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 19:58:17 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-09 19:57:39 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-09 19:57:38 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-09 11:49:55 -------- d-----w- C:\Users\John\AppData\Local\{3A7BB912-B5B0-47B0-8024-8BDBDF44D1DC}

2013-01-09 11:18:22 -------- d-----w- C:\Users\John\AppData\Local\{C529FA4F-8405-474D-988E-FA4EB8058EA3}

2013-01-08 01:41:52 -------- d-----w- C:\Users\John\AppData\Local\{8AB995D0-2C30-4399-9454-36BD518090F3}

2013-01-07 13:41:18 -------- d-----w- C:\Users\John\AppData\Local\{CAE5EB67-82B6-4ECB-B71E-F22C18AB5F62}

2013-01-07 10:34:10 -------- d-----w- C:\Users\John\AppData\Local\Logitech® Webcam Software

2013-01-07 01:40:45 -------- d-----w- C:\Users\John\AppData\Local\{3E421A98-AA54-46D4-AD44-F7B50CA210C7}

2013-01-06 04:35:43 -------- d-----w- C:\Users\John\AppData\Local\{34DCCAD3-6F23-451B-BD57-ED41EE833DF4}

2013-01-05 16:34:51 -------- d-----w- C:\Users\John\AppData\Local\{41107935-00ED-46AA-B630-9BB48CF538FE}

.

==================== Find3M ====================

.

2013-01-16 17:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-12 10:35:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-12 10:35:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 18:40:05.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 28/12/2010 1:51:33 PM

System Uptime: 4/02/2013 6:31:29 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3R

Processor: Intel® Core i7 CPU 870 @ 2.93GHz | Socket 1156 | 2926/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 52.426 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 932 GiB total, 508.686 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&304316D0&0&00E2

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

3DMark 11

7-Zip 9.20 (x64 edition)

Acronis True Image Home 2011

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

µTorrent

Audacity 2.0.2

avast! Free Antivirus

AVer MediaCenter 3D

AVerMedia Applications

AVerMedia H727 PCIe TV Tuner 1.12.64.32

Bonjour

Bullzip PDF Printer 7.2.0.1304

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility64

CCC Help English

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo III

DVDFab 8.0.3.2 (30/10/2010)

EPSON TX700W Series Printer Uninstall

erLT

Facebook Video Calling 1.2.0.287

Futuremark SystemInfo

GPL Ghostscript Lite 8.70

Grand Theft Auto

GTA2

ImgBurn

International Cricket Captain 2010

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

LAME v3.98.3 for Audacity

LAME v3.99.3 (for Windows)

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 18.0.1 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

QuickTime

Realtek Ethernet Controller Driver

Rockstar Games Social Club

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.0

SmartBadge2 Connection Kit for (non-GIL) - 1.1

SnugTV Station

Spybot - Search & Destroy

Steam

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VLC media player 1.1.6

Winamp

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR 4.00 beta 7 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

4/02/2013 6:32:12 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

4/02/2013 6:32:12 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

4/02/2013 6:32:12 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

4/02/2013 6:14:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x8004a026'. Restart your computer, and then restart the WMPNetworkSvc service.

4/02/2013 6:13:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/02/2013 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/02/2013 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/02/2013 6:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/02/2013 6:13:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/02/2013 6:12:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/02/2013 6:12:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/02/2013 6:12:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/02/2013 4:40:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/02/2013 4:39:22 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

3/02/2013 4:35:43 PM, Error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).

3/02/2013 4:34:53 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

3/02/2013 1:01:10 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

1/02/2013 2:42:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum, looks like you have Windows Defender enabled.

Please disable it and just leave Avast running:

http://www.howtogeek...ow-turn-it-off/

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

-------------------------------------

Next:

Java™ 6 Update 26 <----------uninstall from add/remove programs

Download and install the latest version of Java from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-----------------------------------------

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Woops. My bad forgetting to disable Windows Defender. Uninstalled Java and installed latest 64-bit version. Ran RogueKiller as adminstrator, hit scan button and posted report as follows:

RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : John [Admin rights]

Mode : Scan -- Date : 02/04/2013 21:11:10

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableCMD (0) -> FOUND

[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableCMD (0) -> FOUND

[HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableCMD (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Services\Microsoft\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1003FBYX-01Y7B0 ATA Device +++++

--- User ---

[MBR] 94c9b13a510c258dd32553ddba47c645

[bSP] d8ab1177a93b79edd8fe036e033b63b9 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: OCZ-VERTEX2 ATA Device +++++

--- User ---

[MBR] 374c8da40f742cbabf84b286bea2ff35

[bSP] ae127c08320655daeebbc78da4e5227d : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02042013_02d2111.txt >>

RKreport[1]_S_02042013_02d2111.txt

Link to post
Share on other sites

OK, not much showing...lets run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Link to post
Share on other sites

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Not seeing much............

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Link to post
Share on other sites

That was probably one of the slowest scans this PC has performed, but here it is:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=4d7ddc2b649184468b17742b5a016a51

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-02-04 03:53:29

# local_time=2013-02-04 11:53:29 (+0800, W. Australia Standard Time)

# country="Australia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 0 111623059 0 0

# scanned=276451

# found=4

# cleaned=0

# scan_time=3964

C:\Program Files (x86)\Childish Things\International Cricket Captain 2010\Cricket.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan DB8CF88863B30D4D6BD3E6C90E1A2CD0EDCA5AEB I

C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2c228706-409551f4 a variant of Java/Exploit.Blacole.AN trojan CC7B1B95EAAEDE04ECBC1B56E0AEB4B0EEF75B15 I

E:\My documents\Old PC Files\Miscellaneous\emule_speed_booster_free.exe Win32/Adware.NdotNet application F8CE223CAE779F8EE9740915FF5C938F90804058 I

E:\My programs\Eiran's Programs\useful programs\SetupImgBurn_2.5.4.0.exe a variant of Win32/Bundled.Toolbar.Ask application E6ED8D6FF3BD79FFAA9301940AC1BD0D2599D126 I

Link to post
Share on other sites

µTorrent <-----installed

I missed this. no wonder you're infected.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

Go here and follow the instructions to clear your Java Cache

Delete these two files:

C:\Program Files (x86)\Childish Things\International Cricket Captain 2010\Cricket.exe

E:\My programs\Eiran's Programs\useful programs\SetupImgBurn_2.5.4.0.exe

Next................

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

MrC

Link to post
Share on other sites

Okay MrC,

uTorrent uninstalled. Java Cache cleared, two .exe files removed. Managed to finally run adwcleaner.exe as adminstrator after right clicking and attempting to launch the application a dozen or so times - no error messages displayed, nothing. Here's the log

# AdwCleaner v2.110 - Logfile created 02/05/2013 at 18:04:44

# Updated 03/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : John - JOHN-PC

# Boot Mode : Normal

# Running from : C:\Users\John\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\John\AppData\Local\Conduit

Folder Found : C:\Users\John\AppData\LocalLow\Conduit

Folder Found : C:\Users\John\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\Conduit

Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\ConduitCommon

Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\CT2786678

Folder Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\TENCENT

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\prefs.js

Found : user_pref("CT2786678..clientLogIsEnabled", false);

Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 14:08:57 GMT+0800");

Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Found : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);

Found : user_pref("CT2786678.CTID", "CT2786678");

Found : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");

Found : user_pref("CT2786678.CurrentServerDate", "5-2-2013");

Found : user_pref("CT2786678.DialogsAlignMode", "LTR");

Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Feb 04 2013 18:03:14 GMT+0800");

Found : user_pref("CT2786678.DownloadReferralCookieData", "");

Found : user_pref("CT2786678.EMailNotifierPollDate", "Tue Feb 05 2013 17:56:39 GMT+0800");

Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);

Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);

Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);

Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);

Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);

Found : user_pref("CT2786678.FirstServerDate", "12-6-2011");

Found : user_pref("CT2786678.FirstTime", true);

Found : user_pref("CT2786678.FirstTimeFF3", true);

Found : user_pref("CT2786678.FixPageNotFoundErrors", false);

Found : user_pref("CT2786678.GroupingInvalidateCache", false);

Found : user_pref("CT2786678.GroupingLastCheckTime", "0");

Found : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");

Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2786678.HasUserGlobalKeys", true);

Found : user_pref("CT2786678.HomePageProtectorEnabled", false);

Found : user_pref("CT2786678.Initialize", true);

Found : user_pref("CT2786678.InitializeCommonPrefs", true);

Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");

Found : user_pref("CT2786678.InstalledDate", "Sun Jun 12 2011 08:05:03 GMT+0800");

Found : user_pref("CT2786678.InvalidateCache", false);

Found : user_pref("CT2786678.IsAlertDBUpdated", true);

Found : user_pref("CT2786678.IsGrouping", false);

Found : user_pref("CT2786678.IsMulticommunity", false);

Found : user_pref("CT2786678.IsOpenThankYouPage", true);

Found : user_pref("CT2786678.IsOpenUninstallPage", false);

Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Mon Feb 04 2013 18:03:14 GMT+0800");

Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2786678.LastLogin_3.10.0.1", "Wed Apr 18 2012 18:17:43 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Tue May 01 2012 00:28:37 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.12.2.3", "Sat Jun 09 2012 19:22:51 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 09:49:50 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Thu Aug 02 2012 18:50:19 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.16.0.3", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.3.3.2", "Thu Aug 18 2011 11:09:45 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 22 2011 23:05:17 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.7.0.6", "Fri Nov 11 2011 15:56:18 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.8.0.8", "Sat Dec 10 2011 14:08:55 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.8.1.0", "Thu Jan 12 2012 07:35:38 GMT+0800");

Found : user_pref("CT2786678.LastLogin_3.9.0.3", "Fri Mar 09 2012 14:12:37 GMT+0800");

Found : user_pref("CT2786678.LatestVersion", "3.16.0.3");

Found : user_pref("CT2786678.Locale", "en");

Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Found : user_pref("CT2786678.MCDetectTooltipShow", false);

Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2786678.RadioLastCheckTime", "0");

Found : user_pref("CT2786678.RadioLastUpdateIPServer", "0");

Found : user_pref("CT2786678.RadioLastUpdateServer", "0");

Found : user_pref("CT2786678.SHRINK_TOOLBAR", 1);

Found : user_pref("CT2786678.SearchBoxWidth", 150);

Found : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Found : user_pref("CT2786678.SearchInNewTabEnabled", true);

Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Feb 04 2013 18:03:13 GMT+0800");

Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT2786678.SearchProtectorEnabled", false);

Found : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Mon Feb 04 2013 18:03:13 GMT+0800");

Found : user_pref("CT2786678.SettingsLastCheckTime", "Tue Feb 05 2013 17:46:26 GMT+0800");

Found : user_pref("CT2786678.SettingsLastUpdate", "1360053619");

Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Jan 26 2013 17:13:51 GMT+0800");

Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2786678.UserID", "UN06742498924217330");

Found : user_pref("CT2786678.ValidationData_Search", 2);

Found : user_pref("CT2786678.ValidationData_Toolbar", 2);

Found : user_pref("CT2786678.WeatherNetwork", "");

Found : user_pref("CT2786678.WeatherPollDate", "Tue Feb 05 2013 17:46:27 GMT+0800");

Found : user_pref("CT2786678.WeatherUnit", "C");

Found : user_pref("CT2786678.alertChannelId", "1178763");

Found : user_pref("CT2786678.approveUntrustedApps", false);

Found : user_pref("CT2786678.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Found : user_pref("CT2786678.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Found : user_pref("CT2786678.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Found : user_pref("CT2786678.backendstorage./9b+7e.:2z527", "247E706A73744345343D4436387E4A3F422F77317D7C207[...]

Found : user_pref("CT2786678.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Found : user_pref("CT2786678.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Found : user_pref("CT2786678.backendstorage./9b+7e06cg5el8:", "6E6D706F706B6C70726F");

Found : user_pref("CT2786678.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737675767172767875242F4B4947[...]

Found : user_pref("CT2786678.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Found : user_pref("CT2786678.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Found : user_pref("CT2786678.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Found : user_pref("CT2786678.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Found : user_pref("CT2786678.backendstorage./9b+7e31;cjc<=fbj#ncf'ta", "247E61393F236B25726F76722A212C6E414F[...]

Found : user_pref("CT2786678.backendstorage./9b+7e31;cji>g;elocm;dcqde,wlo", "247E61393F236B25717171772A212C[...]

Found : user_pref("CT2786678.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Found : user_pref("CT2786678.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Found : user_pref("CT2786678.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Found : user_pref("CT2786678.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Found : user_pref("CT2786678.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Found : user_pref("CT2786678.backendstorage./9b+7e8x305", "247E3441402B327844393C29712B7A7C207D3027324740434[...]

Found : user_pref("CT2786678.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Found : user_pref("CT2786678.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Found : user_pref("CT2786678.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Found : user_pref("CT2786678.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Found : user_pref("CT2786678.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Found : user_pref("CT2786678.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Found : user_pref("CT2786678.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Found : user_pref("CT2786678.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Found : user_pref("CT2786678.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Found : user_pref("CT2786678.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Found : user_pref("CT2786678.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Found : user_pref("CT2786678.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Found : user_pref("CT2786678.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Found : user_pref("CT2786678.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Found : user_pref("CT2786678.backendstorage./9b-0?3g>d", "663B3B3C6C7341407A45464679204A754E7E257B7E25522A54[...]

Found : user_pref("CT2786678.backendstorage./9b-0?3g@6:5;", "");

Found : user_pref("CT2786678.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Found : user_pref("CT2786678.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Found : user_pref("CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "676A6D7273747576");

Found : user_pref("CT2786678.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]

Found : user_pref("CT2786678.backendstorage./9b5ba==9cjag", "3B676C3E3F4072407A7271787673497D7C204C4F7D");

Found : user_pref("CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706F706B6C716E74747672");

Found : user_pref("CT2786678.backendstorage./9b9643g3/9e", "6A");

Found : user_pref("CT2786678.backendstorage./9b<:222h64<", "393F352F3E");

Found : user_pref("CT2786678.backendstorage./9b=+03eh8h8j?:", "4443");

Found : user_pref("CT2786678.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Found : user_pref("CT2786678.backendstorage./9b?b0d:8aj62<h", "6D");

Found : user_pref("CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Found : user_pref("CT2786678.backendstorage.cb_experience_000", "333938");

Found : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");

Found : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423635373038353230383034385F46697265666F78")[...]

Found : user_pref("CT2786678.backendstorage.cb_user_id_002", "43423238313634383931383731335F46697265666F78")[...]

Found : user_pref("CT2786678.backendstorage.cbcountry_000", "5553");

Found : user_pref("CT2786678.backendstorage.cbcountry_001", "4155");

Found : user_pref("CT2786678.backendstorage.cbfirsttime", "5765642053657020323820323031312031363A33363A34372[...]

Found : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");

Found : user_pref("CT2786678.backendstorage.facebook_mode", "32");

Found : user_pref("CT2786678.backendstorage.facebook_user_locale", "656E");

Found : user_pref("CT2786678.backendstorage.pairingkey", "");

Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Found : user_pref("CT2786678.backendstorage.searchappstate", "33");

Found : user_pref("CT2786678.backendstorage.searchapptracking", "31");

Found : user_pref("CT2786678.backendstorage.undefined", "5361742046656220303420323031322030303A31313A3030204[...]

Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E706F726E6875622E636F6D2F766[...]

Found : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F666F72756D732E6D616C77617265627[...]

Found : user_pref("CT2786678.backendstorage.url_history_time", "31333238363834353831363135");

Found : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32373439382C226C6162656C223A5B5D[...]

Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sat Jan 26 2013 20:21:28 GMT+0800");

Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2786678.initDone", true);

Found : user_pref("CT2786678.isAppTrackingManagerOn", false);

Found : user_pref("CT2786678.myStuffEnabled", true);

Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]

Found : user_pref("CT2786678.revertSettingsEnabled", true);

Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Found : user_pref("CT2786678.testingCtid", "");

Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Mon Feb 04 2013 18:03:14 GMT+0800");

Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Feb 03 2013 13:18:56 GMT+0800");

Found : user_pref("CT2786678.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/AU", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AU", "\"0\"")[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"588[...]

Found : user_pref("CommunityToolbar.EngineOwner", "");

Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");

Found : user_pref("CommunityToolbar.IsEngineShown", true);

Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\John\\AppData\\Roaming\\Mozilla\\Fi[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...]

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]

Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");

Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");

Found : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");

Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 08:05:05 GMT+08[...]

Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 17 2011 19:54:21 GMT+0800");

Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.alert.locale", "en");

Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 17 2011 19:54:13 GMT+0800");

Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.alert.userId", "1ad0752c-c65a-4c28-ac4f-1f00479479c7");

Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 15 2012 10:05:21 GMT+0800");

Found : user_pref("CommunityToolbar.globalUserId", "bb8155a5-3d89-4bb3-a1ae-982d37f3eb6c");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.killedEngine", true);

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jan 31 2013 22:08:4[...]

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Feb 04 2013 18:03:22 GMT+080[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Feb 04 2013 18:03:14 GMT+0800");

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "963cae53-6939-48c1-9623-8fefd1eb3964");

Found : user_pref("CommunityToolbar.undefined", "");

-\\ Google Chrome v [unable to get version]

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25798 octets] - [05/02/2013 18:04:44]

########## EOF - C:\AdwCleaner[R1].txt - [25859 octets] ##########

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

Link to post
Share on other sites

Okay here's the log after clicking the delete button:

# AdwCleaner v2.110 - Logfile created 02/05/2013 at 21:31:55

# Updated 03/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : John - JOHN-PC

# Boot Mode : Normal

# Running from : C:\Users\John\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\John\AppData\Local\Conduit

Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\John\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\Conduit

Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\ConduitCommon

Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\CT2786678

Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);

Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 14:08:57 GMT+0800");

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);

Deleted : user_pref("CT2786678.CTID", "CT2786678");

Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");

Deleted : user_pref("CT2786678.CurrentServerDate", "5-2-2013");

Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Feb 04 2013 18:03:14 GMT+0800");

Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");

Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Feb 05 2013 21:24:34 GMT+0800");

Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 500);

Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Feb 05 2013 21:28:29 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Feb 05 2013 21:28:29 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Feb 05 2013 21:28:29 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Feb 05 2013 21:28:29 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2786678.FirstServerDate", "12-6-2011");

Deleted : user_pref("CT2786678.FirstTime", true);

Deleted : user_pref("CT2786678.FirstTimeFF3", true);

Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);

Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);

Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");

Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");

Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);

Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2786678.Initialize", true);

Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);

Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");

Deleted : user_pref("CT2786678.InstalledDate", "Sun Jun 12 2011 08:05:03 GMT+0800");

Deleted : user_pref("CT2786678.InvalidateCache", false);

Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);

Deleted : user_pref("CT2786678.IsGrouping", false);

Deleted : user_pref("CT2786678.IsMulticommunity", false);

Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);

Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);

Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Feb 05 2013 18:03:15 GMT+0800");

Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2786678.LastLogin_3.10.0.1", "Wed Apr 18 2012 18:17:43 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Tue May 01 2012 00:28:37 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Sat Jun 09 2012 19:22:51 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Jul 17 2012 09:49:50 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Thu Aug 02 2012 18:50:19 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.16.0.3", "Tue Feb 05 2013 17:46:27 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Thu Aug 18 2011 11:09:45 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 22 2011 23:05:17 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Fri Nov 11 2011 15:56:18 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Sat Dec 10 2011 14:08:55 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Thu Jan 12 2012 07:35:38 GMT+0800");

Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Fri Mar 09 2012 14:12:37 GMT+0800");

Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3");

Deleted : user_pref("CT2786678.Locale", "en");

Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);

Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");

Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");

Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");

Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT2786678.SearchBoxWidth", 150);

Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Feb 05 2013 18:03:13 GMT+0800");

Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);

Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Feb 05 2013 18:03:13 GMT+0800");

Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Feb 05 2013 21:28:28 GMT+0800");

Deleted : user_pref("CT2786678.SettingsLastUpdate", "1360053619");

Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Jan 26 2013 17:13:51 GMT+0800");

Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2786678.UserID", "UN06742498924217330");

Deleted : user_pref("CT2786678.ValidationData_Search", 2);

Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2786678.WeatherNetwork", "");

Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Feb 05 2013 21:17:21 GMT+0800");

Deleted : user_pref("CT2786678.WeatherUnit", "C");

Deleted : user_pref("CT2786678.alertChannelId", "1178763");

Deleted : user_pref("CT2786678.approveUntrustedApps", false);

Deleted : user_pref("CT2786678.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e.:2z527", "247E706A73744345343D4436387E4A3F422F77317D7C207[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e06cg5el8:", "6E6D706F706B6C70726F");

Deleted : user_pref("CT2786678.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737675767172767875242F4B4947[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e31;cjc<=fbj#ncf'ta", "247E61393F236B25726F76722A212C6E414F[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e31;cji>g;elocm;dcqde,wlo", "247E61393F236B25717171772A212C[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e8x305", "247E3441402B327844393C29712B7A7C207D3027324740434[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref("CT2786678.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref("CT2786678.backendstorage./9b-0?3g>d", "663B3B3C6C7341407A45464679204A754E7E257B7E25522A54[...]

Deleted : user_pref("CT2786678.backendstorage./9b-0?3g@6:5;", "");

Deleted : user_pref("CT2786678.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Deleted : user_pref("CT2786678.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Deleted : user_pref("CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "676A6D7273747576");

Deleted : user_pref("CT2786678.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]

Deleted : user_pref("CT2786678.backendstorage./9b5ba==9cjag", "3B676C3E3F4072407A7271787673497D7C204C4F7D");

Deleted : user_pref("CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706F706B6C716E74747672");

Deleted : user_pref("CT2786678.backendstorage./9b9643g3/9e", "6A");

Deleted : user_pref("CT2786678.backendstorage./9b<:222h64<", "393F352F3E");

Deleted : user_pref("CT2786678.backendstorage./9b=+03eh8h8j?:", "4443");

Deleted : user_pref("CT2786678.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref("CT2786678.backendstorage./9b?b0d:8aj62<h", "6D");

Deleted : user_pref("CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Deleted : user_pref("CT2786678.backendstorage.cb_experience_000", "333938");

Deleted : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");

Deleted : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423635373038353230383034385F46697265666F78")[...]

Deleted : user_pref("CT2786678.backendstorage.cb_user_id_002", "43423238313634383931383731335F46697265666F78")[...]

Deleted : user_pref("CT2786678.backendstorage.cbcountry_000", "5553");

Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "4155");

Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5765642053657020323820323031312031363A33363A34372[...]

Deleted : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");

Deleted : user_pref("CT2786678.backendstorage.facebook_mode", "32");

Deleted : user_pref("CT2786678.backendstorage.facebook_user_locale", "656E");

Deleted : user_pref("CT2786678.backendstorage.pairingkey", "");

Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2786678.backendstorage.searchappstate", "33");

Deleted : user_pref("CT2786678.backendstorage.searchapptracking", "31");

Deleted : user_pref("CT2786678.backendstorage.undefined", "5361742046656220303420323031322030303A31313A3030204[...]

Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E706F726E6875622E636F6D2F766[...]

Deleted : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F6E6577732E6E696E656D736E2E636F6[...]

Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333238363834353831363135");

Deleted : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32373439382C226C6162656C223A5B5D[...]

Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Feb 05 2013 20:21:29 GMT+0800");

Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.initDone", true);

Deleted : user_pref("CT2786678.isAppTrackingManagerOn", false);

Deleted : user_pref("CT2786678.myStuffEnabled", true);

Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]

Deleted : user_pref("CT2786678.revertSettingsEnabled", true);

Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.testingCtid", "");

Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Feb 05 2013 18:03:15 GMT+0800");

Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Feb 03 2013 13:18:56 GMT+0800");

Deleted : user_pref("CT2786678.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/AU", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AU", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b6e[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");

Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\John\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");

Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 08:05:05 GMT+08[...]

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 17 2011 19:54:21 GMT+0800");

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 17 2011 19:54:13 GMT+0800");

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "1ad0752c-c65a-4c28-ac4f-1f00479479c7");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Apr 15 2012 10:05:21 GMT+0800");

Deleted : user_pref("CommunityToolbar.globalUserId", "bb8155a5-3d89-4bb3-a1ae-982d37f3eb6c");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.killedEngine", true);

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jan 31 2013 22:08:4[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 05 2013 18:03:22 GMT+080[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 05 2013 18:03:14 GMT+0800");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "963cae53-6939-48c1-9623-8fefd1eb3964");

Deleted : user_pref("CommunityToolbar.undefined", "");

-\\ Google Chrome v [unable to get version]

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25929 octets] - [05/02/2013 18:04:44]

AdwCleaner[R2].txt - [25990 octets] - [05/02/2013 21:27:48]

AdwCleaner[s1].txt - [311 octets] - [05/02/2013 21:28:09]

AdwCleaner[s2].txt - [26547 octets] - [05/02/2013 21:31:55]

########## EOF - C:\AdwCleaner[s2].txt - [26608 octets] ##########

Link to post
Share on other sites

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

OTL logfile created on: 6/02/2013 9:36:58 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.99 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.12% Memory free

15.98 Gb Paging File | 13.40 Gb Available in Paging File | 83.87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.69 Gb Total Space | 52.03 Gb Free Space | 46.59% Space Free | Partition Type: NTFS

Drive D: | 1.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 931.51 Gb Total Space | 508.79 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/06 21:35:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

PRC - [2013/01/20 14:49:07 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe

PRC - [2013/01/20 14:13:54 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/01/12 18:35:19 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

PRC - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/10/31 06:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/01/18 14:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/01/13 10:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

PRC - [2011/01/08 15:17:59 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2011/01/06 13:42:04 | 000,168,448 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe

PRC - [2011/01/05 03:31:34 | 000,570,880 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe

PRC - [2011/01/05 03:27:44 | 000,176,128 | ---- | M] (AVerMedia Technologies, Inc. ) -- C:\Program Files (x86)\SnugTV\SnugTV Station\QuickStart.exe

PRC - [2010/12/06 07:37:40 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2010/12/06 07:37:08 | 005,542,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2010/08/03 21:24:02 | 000,739,328 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

PRC - [2010/01/05 19:43:40 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

PRC - [2009/12/06 23:13:14 | 000,397,312 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe

PRC - [2009/10/30 16:48:42 | 000,348,160 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/20 14:13:53 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/01/12 18:35:18 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

MOD - [2012/01/18 14:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll

MOD - [2011/01/13 09:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/13 09:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll

MOD - [2010/12/06 07:36:54 | 011,170,744 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2010/01/19 13:44:14 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\SnugTV\SnugTV Station\AmaError.dll

MOD - [2010/01/05 19:43:40 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

MOD - [2009/04/23 05:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/10 07:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/04 06:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/04 06:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/04 06:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/04 06:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/04 06:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/04 06:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/04 06:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/04 06:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/04 06:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/01/20 14:49:07 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)

SRV - [2013/01/20 14:13:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/12 18:35:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 22:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/18 14:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/01/13 18:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2011/01/08 15:17:59 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2011/01/06 13:42:04 | 000,168,448 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Auto | Running] -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)

SRV - [2011/01/05 03:31:34 | 000,570,880 | ---- | M] (AVerMedia Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe -- (SnugTV Service)

SRV - [2010/12/06 07:37:56 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/06 23:13:14 | 000,397,312 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)

SRV - [2009/10/30 16:48:42 | 000,348,160 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/03/13 17:44:15 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/18 14:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/01/18 14:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/09/07 10:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)

DRV:64bit: - [2011/09/07 04:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/09/07 04:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/09/07 04:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/09/07 04:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/09/07 04:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/09/07 04:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/08 15:17:59 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)

DRV:64bit: - [2011/01/08 15:17:59 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2011/01/08 15:17:59 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)

DRV:64bit: - [2011/01/08 15:17:58 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/17 20:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/11 14:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/09/15 13:34:34 | 001,593,216 | ---- | M] (AVerMedia TECHNOLOGIES, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerTM62_x64.sys -- (TRIDCap)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/07/26 22:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\John\Downloads\RealTemp_370\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 35 4F E2 E4 02 CE 01 [binary data]

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/12/20 21:02:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/20 14:13:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/20 14:13:50 | 000,000,000 | ---D | M]

[2011/02/03 22:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions

[2013/02/05 21:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\extensions

[2011/08/15 17:40:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\yrjf4vxw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2013/01/20 14:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/20 14:13:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/01/20 14:13:54 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/27 02:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2013/01/20 14:13:52 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2013/01/20 14:13:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/20 14:13:52 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2013/01/20 14:13:52 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2013/01/20 14:13:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2013/01/20 14:13:52 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Google Drive = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/03 16:40:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-21-3471965668-3378095989-543840113-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3471965668-3378095989-543840113-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557B1535-73FF-40DE-84FB-B3E6F0B29BE3}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72207755-80ED-4943-AA2A-3ED96CED909C}: DhcpNameServer = 10.143.147.147 10.143.147.148

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE4A0E39-AD47-495E-B83B-609C465CD7F2}: DhcpNameServer = 10.1.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 21:35:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

[2013/02/05 21:26:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/02/05 17:55:38 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/02/04 22:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/02/04 22:12:29 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/02/04 22:00:09 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe

[2013/02/04 21:18:13 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\mbar

[2013/02/04 21:05:24 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\RK_Quarantine

[2013/02/04 21:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/02/04 20:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2013/02/04 18:38:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr

[2013/02/03 17:23:50 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/02/03 16:48:22 | 002,712,200 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\John\Desktop\procexp.exe

[2013/02/03 16:35:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/02/03 16:35:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/02/03 16:35:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/02/03 16:34:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/03 16:34:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/02/03 10:47:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{75525110-B219-4D25-91DD-46F35C3DE977}

[2013/02/02 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\BitTorrent

[2013/02/02 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FE26A84B-B467-4239-BE2E-68B32502EA52}

[2013/02/01 15:14:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs

[2013/02/01 10:09:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{0C196007-DA70-4867-8D29-34511A2051E9}

[2013/01/31 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{2B42EEB7-2D35-4720-B82C-E013BB038C80}

[2013/01/30 18:01:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{67883E21-003C-48E1-B1FA-B91EC2B012AE}

[2013/01/29 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C97C12C6-8B96-419F-85E0-937DD20E7186}

[2013/01/28 11:47:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{078C3D0E-9763-4C55-93F7-C96A7A882061}

[2013/01/27 23:46:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{B03EBEA4-EF68-4408-BA27-82C63B98B3E1}

[2013/01/27 10:44:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{7399CBAD-BA95-4516-8F33-F4788990C7EE}

[2013/01/26 17:13:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6EA6D1B1-7CAE-40DE-AA6E-6B049E461F85}

[2013/01/24 17:51:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{49FE822E-66A8-45AD-8E6D-9F0F9A8FB62E}

[2013/01/22 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8710CE29-8AB5-44D8-A781-2CC829E9CBCA}

[2013/01/20 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Childish Things

[2013/01/20 14:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Childish Things

[2013/01/20 14:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Childish Things

[2013/01/20 14:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/20 12:57:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{561283BE-B2B1-4C22-A48E-75BA7EC748BB}

[2013/01/18 08:29:15 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{AC4695FC-DE74-4D83-AB48-50536543036A}

[2013/01/17 12:31:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{03684BE7-5B5D-42EC-A173-8332729D3D08}

[2013/01/12 16:41:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{4D400E06-472C-435B-9688-DE6AAC317E36}

[2013/01/09 19:49:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{3A7BB912-B5B0-47B0-8024-8BDBDF44D1DC}

[2013/01/09 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{C529FA4F-8405-474D-988E-FA4EB8058EA3}

[2013/01/08 09:41:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{8AB995D0-2C30-4399-9454-36BD518090F3}

[2013/01/07 21:41:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{CAE5EB67-82B6-4ECB-B71E-F22C18AB5F62}

[2012/03/13 17:43:13 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\John\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/02/06 21:35:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe

[2013/02/06 21:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/06 20:11:49 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 20:11:49 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 20:10:32 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/06 20:10:32 | 000,631,356 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/06 20:10:32 | 000,111,480 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/06 20:04:38 | 000,000,681 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys

[2013/02/06 20:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/06 20:04:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2013/02/06 20:04:19 | 2140,737,535 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/05 22:12:34 | 000,003,592 | ---- | M] () -- C:\bootsqm.dat

[2013/02/05 17:51:58 | 000,582,111 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner.exe

[2013/02/04 22:00:37 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe

[2013/02/04 21:04:38 | 000,764,416 | ---- | M] () -- C:\Users\John\Desktop\RogueKillerX64.exe

[2013/02/04 18:38:55 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr

[2013/02/03 16:40:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/02/02 10:54:44 | 000,886,373 | ---- | M] () -- C:\Users\John\AppData\Local\census.cache

[2013/02/02 10:54:35 | 000,112,246 | ---- | M] () -- C:\Users\John\AppData\Local\ars.cache

[2013/02/02 10:43:39 | 000,000,036 | ---- | M] () -- C:\Users\John\AppData\Local\housecall.guid.cache

[2013/02/01 10:02:12 | 003,776,214 | ---- | M] () -- C:\Users\John\Desktop\AT_CYC_P_bike_map_perth_freo.pdf

[2013/01/20 14:49:08 | 000,126,976 | ---- | M] () -- C:\Windows\lcmmfu.cpl

[2013/01/20 14:49:07 | 000,048,640 | ---- | M] () -- C:\Windows\mmfs.dll

[2013/01/20 14:49:07 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe

[2013/01/10 04:40:36 | 000,423,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/05 22:12:34 | 000,003,592 | ---- | C] () -- C:\bootsqm.dat

[2013/02/05 17:50:13 | 000,582,111 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner.exe

[2013/02/04 21:04:35 | 000,764,416 | ---- | C] () -- C:\Users\John\Desktop\RogueKillerX64.exe

[2013/02/04 17:59:19 | 000,002,767 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnugTV Quick Start.lnk

[2013/02/04 17:59:19 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk

[2013/02/04 17:59:19 | 000,002,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk

[2013/02/03 16:35:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/02/03 16:35:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/02/03 16:35:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/02/03 16:35:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/02/03 16:35:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/02/02 10:54:44 | 000,886,373 | ---- | C] () -- C:\Users\John\AppData\Local\census.cache

[2013/02/02 10:54:35 | 000,112,246 | ---- | C] () -- C:\Users\John\AppData\Local\ars.cache

[2013/02/02 10:43:39 | 000,000,036 | ---- | C] () -- C:\Users\John\AppData\Local\housecall.guid.cache

[2013/02/01 10:02:12 | 003,776,214 | ---- | C] () -- C:\Users\John\Desktop\AT_CYC_P_bike_map_perth_freo.pdf

[2013/01/20 14:49:08 | 000,126,976 | ---- | C] () -- C:\Windows\lcmmfu.cpl

[2013/01/20 14:49:07 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll

[2013/01/20 14:49:07 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe

[2013/01/20 14:49:07 | 000,000,681 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys

[2012/07/26 18:29:26 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/13 17:43:13 | 000,007,859 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.cat

[2012/03/13 17:43:13 | 000,001,167 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.inf

[2012/01/18 14:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012/01/18 14:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012/01/18 14:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2011/05/06 20:45:18 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll

[2011/05/06 20:45:18 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys

[2011/05/06 20:45:07 | 000,606,208 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll

[2011/05/06 20:45:07 | 000,311,296 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll

[2011/05/06 20:45:07 | 000,307,200 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll

[2011/05/06 20:45:07 | 000,307,200 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll

[2011/05/06 20:45:07 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll

[2011/05/06 20:45:07 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll

[2011/05/06 20:45:07 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/08 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\0D83B544-DD2B-4F40-B480-E44CD4E87B52

[2011/01/08 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\25ABB00E-9EA0-442D-836E-86E92E38A8F5

[2011/01/08 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acronis

[2013/01/18 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity

[2013/02/02 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent

[2013/01/20 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Childish Things

[2011/12/02 01:16:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Guitar Pro 6

[2011/02/03 09:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\HD Tune Pro

[2011/11/22 10:57:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ICAClient

[2011/02/03 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn

[2011/02/03 15:32:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech

[2012/07/07 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nico Mak Computing

[2011/08/02 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PDF Writer

[2013/02/04 22:29:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent

[2012/03/13 17:44:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Vso

[2011/05/07 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/02/2013 9:36:58 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.99 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.12% Memory free

15.98 Gb Paging File | 13.40 Gb Available in Paging File | 83.87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.69 Gb Total Space | 52.03 Gb Free Space | 46.59% Space Free | Partition Type: NTFS

Drive D: | 1.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 931.51 Gb Total Space | 508.79 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3471965668-3378095989-543840113-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0CBB72E3-38C3-4E7E-8EE3-DFD73449303D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{124ED9D6-0405-49C4-8A21-51B2EE5BE36C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{325B3FF1-8576-4639-969C-1D484784DFC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3457633C-A810-4920-8705-FA489A880BE1}" = lport=445 | protocol=6 | dir=in | app=system |

"{4909D68B-D913-4279-A7ED-4EA0422EF94D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{49C5E15D-8BB0-42F0-BA4D-4CFA3321B17C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4A2C4984-DA52-4C13-96B7-F590ED7CF58D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{558B577C-21BD-4B7D-90D9-A82D5810A1B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5B2223E6-0270-4491-9F06-21C718E09383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6E9CB0A0-CC4B-4EB2-A74F-C5D1509FE7AE}" = rport=445 | protocol=6 | dir=out | app=system |

"{76DA7E1C-608B-4B5C-9F6B-7A890711B99F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{794C9018-37E3-4FF3-A790-C282EC99A56F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{7B63384C-A1B9-42BB-AAEC-0FB7EE216103}" = rport=10243 | protocol=6 | dir=out | app=system |

"{83FDF19C-CB24-4F41-8652-AE472FAC05ED}" = lport=2869 | protocol=6 | dir=in | app=system |

"{889DE28F-64A7-4127-840A-3B5886F35052}" = rport=139 | protocol=6 | dir=out | app=system |

"{94CEF344-8CBA-4FD4-8991-EF516192D0DA}" = rport=138 | protocol=17 | dir=out | app=system |

"{A9716689-63C8-43A8-B60D-BC3756C9B77E}" = lport=138 | protocol=17 | dir=in | app=system |

"{AFE61E5B-D16E-4BCD-87A4-A460961189F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B42EBD6E-5B4E-4B2A-8204-9A3A161DB8E7}" = lport=139 | protocol=6 | dir=in | app=system |

"{DDCF346C-4016-48C6-95E2-D1281E98FFC7}" = rport=137 | protocol=17 | dir=out | app=system |

"{E05DAB8E-2466-40F1-91ED-0259D71AFA52}" = lport=137 | protocol=17 | dir=in | app=system |

"{E84C9BE7-B900-4C39-83D5-C3ADDB76E250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E8BB8F4E-D3F1-4E7F-A03B-FF13E7D056D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{FD7134EE-62E3-45DF-9470-9BCEAFBEB21C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{031EFD2D-900C-48AA-A449-26EDDAA24BF0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{059F1F9E-E5FE-4DF0-BCE7-59ACE00E2D13}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"{07E9CAA5-3AA5-4951-A1AF-AFB1B125685D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{0988E071-9927-4ED0-A0B8-D0C8C61E140F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"{0D1F7260-4939-4162-92BE-7DB471D5444F}" = protocol=17 | dir=in | app=c:\program files (x86)\snugtv\snugtv station\configwizard.exe |

"{0EA9BCF1-57DC-4B3E-BD3F-B75114F3DEE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{10A64ACC-38B8-4691-989A-483CC39468B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"{19D63573-69F2-471D-B972-EEED6AAD571A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{1E44484E-30DC-44D6-BDB0-B806CE5E99DF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{1EB619BF-0D54-4091-AC0C-18AAD84658AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{275FD9E7-57C4-4262-BA68-1D6ACBE810AD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{276A4132-967A-42F4-8F15-58288794BA33}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{303CE1D2-F916-4242-A0C4-DC12C9DD31C8}" = protocol=6 | dir=out | app=system |

"{30F0BC26-D3D3-4B2A-A152-0E24C89EC584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{31F2B9FD-F05F-4431-92E8-14F2FAFE6486}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{32144F54-10A3-49AF-BF2B-3A24042031B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{35ABD329-7914-4B72-9126-C3077BD3F66E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{397982FB-0897-4164-AC94-40BC01FBC3D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{39C24EB1-7528-4D23-8EF6-473D54BAF11F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{443D5C6B-1554-49DB-B5DA-A373F26C9468}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{49C82124-6C64-4D84-A994-B5532B3C0FE0}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |

"{4ABA60E2-AA77-4156-92F2-3E5B56E8E411}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{4AF5FEF7-BBA8-4F08-ABE6-49D65736666B}" = dir=in | app=c:\users\john\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{50C8806F-E93A-40D2-B9A3-2B7DF1616C95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{58D088D5-13F0-4E43-B191-CE44EAAA2585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5D3A259F-504E-4CA4-B946-3578E652749F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{68F59000-2651-43AF-A50A-E6117134B4B8}" = protocol=17 | dir=in | app=c:\program files (x86)\snugtv\snugtv station\amaserver.exe |

"{6DF886F1-E5DA-40B0-8926-2E388323943A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{74154EE8-E4DD-4042-8173-F61B0274A0B7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{782710A9-688B-4DCF-8492-8E9F170872D8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{7BD01B51-977F-4082-8FE3-3AF1812402C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7C4EA771-EB09-40CA-8877-39F83E3C9C77}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{7D41D30F-47AC-4DDC-A8EF-7A0992463047}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{8156802D-58E4-46BA-A971-7FEA27EB55DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{85EDE155-7699-4938-A6BC-EAFC4A81BB45}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{886BFD74-FC29-4593-A1DB-E389C92C95F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8C038B14-E6B8-4CE3-8A49-73D61D49DC59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{8E4FEF88-2218-4062-A7D5-EB7A3C3E3330}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{8E5C7B60-F7DE-4D65-BA7A-2C8AAEDB6F5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{905FA18E-7F91-44A4-AE9D-C25DE161968D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |

"{932F387F-84A1-4AD3-B859-2547F3612188}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{94A1509A-0E11-4507-8016-E7BB759EA875}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{9A2320EA-5D10-44EF-A89D-F40CD375D9EB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{A03B85DC-77C4-4A5B-9562-FF138EA36BD3}" = protocol=6 | dir=in | app=c:\program files (x86)\snugtv\snugtv station\amaserver.exe |

"{A1CEB21D-B319-465B-B7FE-60E848AEAA6D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A44A334D-9361-45F1-A0A7-4738790BE174}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{A79F4F64-77FF-4694-B47D-E9102FBC384E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{AA609752-7101-4046-9684-5095A45FD5C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{ABB18843-1D75-4BD0-B620-CAB84C741742}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{ACDC4608-621B-4D17-A23E-5D3A2E6E55FD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{B00C0A59-C222-4C9F-A223-D2F864A7FA86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C4AFEDDC-3CFA-42E8-B72D-8191E8E89513}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{C4FA79B6-8690-4C0C-8CA3-2ADEA2A739A4}" = protocol=6 | dir=in | app=c:\program files (x86)\snugtv\snugtv station\configwizard.exe |

"{C72FA116-A634-4153-B0F7-FDD68150C8D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{CAB35571-274F-4846-A4E8-9996CA7E5BAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CF743FCE-B75A-4817-93BC-962E02F8FE6F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{D180C7C9-6DCB-4187-B490-7B26B02AA336}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{DA56BD52-521A-4F03-B01D-5F4B9C446E38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{DAD83D66-8CB7-4E8F-9221-ACFD0D9FA238}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{DD1DCC21-D937-467A-9206-F83FAF05F4A5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E8F64BC4-EDB8-496A-8EE4-12B589023FA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EDEC8908-8127-4C58-BE80-CFBAF67F6D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{EFFF9571-75EC-4FD9-BBA9-91A78E78C8F0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{F2855CED-61E8-45C0-B920-79F971585294}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe |

"TCP Query User{1823DC13-541E-4EB2-9487-4881389D1004}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{49087EF6-6339-4FE9-A35A-4D5346714518}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

"TCP Query User{C6FE589A-CEB3-48B1-AD34-4809755DC16E}C:\Program Files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |

"UDP Query User{1861592B-8415-4B78-A178-AADE80927833}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

"UDP Query User{3B1E25F3-E03D-4F50-88C2-6E0611E797B7}C:\Program Files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |

"UDP Query User{AB5AFFBA-FF10-4645-9F37-FE0440944950}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64

"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304

"EPSON TX700W Series" = EPSON TX700W Series Printer Uninstall

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{198F93FD-9919-4010-8164-06BC2349959C}" = SnugTV Station

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A36F069-42F7-4EAF-9389-1AB34DC7EFE1}" = International Cricket Captain 2010

"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer MediaCenter 3D

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Audacity_is1" = Audacity 2.0.2

"avast" = avast! Free Antivirus

"AVerMedia H727 PCIe TV Tuner" = AVerMedia H727 PCIe TV Tuner 1.12.64.32

"Diablo III" = Diablo III

"DVDFab 8_is1" = DVDFab 8.0.3.2 (30/10/2010)

"ESET Online Scanner" = ESET Online Scanner v3

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70

"Grand Theft Auto" = Grand Theft Auto

"ImgBurn" = ImgBurn

"InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications

"InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}" = AVer MediaCenter 3D

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LAME_is1" = LAME v3.99.3 (for Windows)

"Logitech Vid" = Logitech Vid HD

"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Rockstar Games Social Club" = Rockstar Games Social Club

"SmartBadge2 Connection Kit for (non-GIL) - 1.1" = SmartBadge2 Connection Kit for (non-GIL) - 1.1

"VLC media player" = VLC media player 1.1.6

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 24/07/2012 10:08:09 AM | Computer Name = John-PC | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:

11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,

version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:

0x001d1e2f Faulting process id: 0x1190 Faulting application start time: 0x01cd69a1ae75303b

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report

Id: fedfc99e-d598-11e1-8525-fa3dd854ebd3

Error - 25/07/2012 4:44:36 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 27/07/2012 12:30:28 PM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 29/07/2012 1:43:28 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 29/07/2012 9:32:04 PM | Computer Name = John-PC | Source = Google Update | ID = 20

Description =

Error - 1/08/2012 3:22:22 AM | Computer Name = John-PC | Source = Google Update | ID = 20

Description =

Error - 1/08/2012 4:20:37 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/08/2012 9:28:48 AM | Computer Name = John-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 14.0.1.4577 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: fac Start

Time: 01cd6fd43178a5cb Termination Time: 26 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: b1fac65f-dbdc-11e1-9ce6-fa6123da04d0

Error - 2/08/2012 7:41:43 AM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/08/2012 11:29:56 PM | Computer Name = John-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

[ AVer AutoUpdate Events ]

Error - 31/01/2013 10:08:49 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 31/01/2013 10:09:11 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 31/01/2013 10:09:33 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 3/02/2013 4:29:04 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 3/02/2013 4:29:26 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 5/02/2013 5:45:55 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 5/02/2013 5:46:17 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 5/02/2013 5:46:39 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 5/02/2013 5:47:01 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

Error - 5/02/2013 5:47:23 AM | Computer Name = John-PC | Source = AVerUpdate Server | ID = 0

Description =

[ System Events ]

Error - 6/02/2013 8:04:49 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 6/02/2013 8:04:49 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

Error - 6/02/2013 8:04:50 AM | Computer Name = John-PC | Source = WMPNetworkSvc | ID = 866314

Description =

Error - 6/02/2013 8:04:51 AM | Computer Name = John-PC | Source = WMPNetworkSvc | ID = 866314

Description =

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = PNRPSvc | ID = 102

Description =

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = PNRPSvc | ID = 102

Description =

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 6/02/2013 8:05:00 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

< End of report >

Link to post
Share on other sites

Please do this:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

[*]Then click the Run Fix button at the top

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

Can program with fixes requested, was asked to reboot and did same. Here's the log:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: John

->Java cache emptied: 1 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: John

->Temp folder emptied: 183290 bytes

->Temporary Internet Files folder emptied: 24739860 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 282946461 bytes

->Google Chrome cache emptied: 7847369 bytes

->Flash cache emptied: 1629 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 301.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: John

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02062013_221547

Files\Folders moved on Reboot...

C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.