Need help cleaning up my computer

[marienottingham]

I need help cleaning up my computer!

[flashh4]

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished...
    *This time, click on the Clean button.
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!




NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.




When the scan is complete, click  OK, then  Show Results to view the results.



    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

 

Please don't attach the scans / logs, use "copy/paste".

 

 

Run these as your time permits, they do not have to be run all at once ! Post me the logs when you get them !!

 

Thanks

Chuck

[flashh4]

Due to inactivity this topic is now closed !! If you need this re-opened please PM me or another Mod !

 

Chuck

[flashh4]

Opened by users request !!!

 

Chuck

[marienottingham]

see if you get these files:

# AdwCleaner v3.006 - Report created 04/10/2013 at 09:32:57
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tim - TIM-PC
# Running from : C:\Users\Tim\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Omiga Plus
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Tim\AppData\Local\Conduit
Folder Deleted : C:\Users\Tim\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Tim\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Tim\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Tim\AppData\Local\Temp\WinZipper
Folder Deleted : C:\Users\Tim\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Tim\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tim\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Tim\AppData\LocalLow\TelevisionFanaticEI
Folder Deleted : C:\Users\Tim\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Tim\AppData\Roaming\337
Folder Deleted : C:\Users\Tim\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tim\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Tim\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Tim\AppData\Roaming\DSite
Folder Deleted : C:\Users\Tim\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\Smartbar
Folder Deleted : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
File Deleted : C:\END
File Deleted : C:\Users\Tim\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Tim\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Tim\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Tim\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\\invalidprefs.js
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\searchplugins\Babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\user.js
File Deleted : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\windows\Tasks\DSite.job
File Deleted : C:\windows\System32\Tasks\DSite
File Deleted : C:\windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\59edb8db739ba15
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\V9
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\prefs.js ]

Line Deleted : user_pref("CT3131886.1000082.isDisplayHidden", "true");
Line Deleted : user_pref("CT3131886.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3131886.1000234.TWC_TMP_city", "EL DORADO HILLS");
Line Deleted : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3131886.1000234.TWC_locId", "USCA0335");
Line Deleted : user_pref("CT3131886.1000234.TWC_location", "El Dorado Hills, CA");
Line Deleted : user_pref("CT3131886.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3131886.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3131886.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3131886.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"87°F\",\"temperatureClear\":\"87°F\",\"highTemperature\":\"104°F\",\"lowTemperature\":\"67°F\",\"feelsLike\":\"86[...]
Line Deleted : user_pref("CT3131886.129730831435930026.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no");
Line Deleted : user_pref("CT3131886.BBActive.enc", "eWVz");
Line Deleted : user_pref("CT3131886.BBID.enc", "MzIyNDk4ZWJjMjc5YzNiOQ==");
Line Deleted : user_pref("CT3131886.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT3131886.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT3131886.FirstTime", "true");
Line Deleted : user_pref("CT3131886.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3131886.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3131886.PG_ENABLE", "ZmFsc2U=");
Line Deleted : user_pref("CT3131886.PG_ENABLE.enc", "Wm1Gc2MyVT0=");
Line Deleted : user_pref("CT3131886.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3131886.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3131886.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3131886.SF_USER_ID.enc", "Y2lkXzI3NDIwMTMxNzM0NDE4MjkzNDE3");
Line Deleted : user_pref("CT3131886.SearchAppState.enc", "Mw==");
Line Deleted : user_pref("CT3131886.SearchAppTracking.enc", "c2VudA==");

Line Deleted : user_pref("CT3131886.UserID", "UN99669622857373016");
Line Deleted : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3131886.autoDisableScopes", -1);
Line Deleted : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3131886.cb_experience_000.enc", "MzQ2");
Line Deleted : user_pref("CT3131886.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3131886.cb_user_id_000.enc", "Q0I0ODY4OTM1MjUyMDBfMTM1NTg4MTQ5MDcwNF9GaXJlZm94");
Line Deleted : user_pref("CT3131886.cbcountry_001.enc", "VVM=");
Line Deleted : user_pref("CT3131886.cbfirsttime.enc", "VHVlIEp1bCAzMSAyMDEyIDIxOjA2OjI0IEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3131886.countryCode", "US");
Line Deleted : user_pref("CT3131886.defaultSearch", "true");
Line Deleted : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3131886.enableAlerts", "always");
Line Deleted : user_pref("CT3131886.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3131886.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3131886.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3131886.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3131886.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3131886.fixUrls", true);
Line Deleted : user_pref("CT3131886.fullUserID", "UN99669622857373016.XX.20130624120723");
Line Deleted : user_pref("CT3131886.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT3131886.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3131886.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT3131886.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3131886.isNewTabEnabled", true);
Line Deleted : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3131886.keyword", true);

Line Deleted : user_pref("CT3131886.lastVersion", "10.16.4.519");
Line Deleted : user_pref("CT3131886.mam_gk_appStateReportTime.enc", "MTM3MjQyNjY3MjUwOA==");
Line Deleted : user_pref("CT3131886.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3131886.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3131886.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3131886.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3131886.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3131886.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwidXJsIjoiaHR0cDovL3d3dy5zb2NpYWxncm93dGh0ZWNobm9sb2dpZXMuY29tL2NvdXBvbmJ1ZGR5X3YwMDMvaW5kZXgucGhwP2N0aWQ9RUJUT09MQkFS[...]
Line Deleted : user_pref("CT3131886.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3131886.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR3JhYmJlciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImEwMGZkODc3LTFiZGMtNDg5Yy1hYmNjLTBlOGFmZjg0NTg3ZCIsImRvbWFpbnM[...]
Line Deleted : user_pref("CT3131886.mam_gk_currentBadgeValue.enc", "MA==");
Line Deleted : user_pref("CT3131886.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3131886.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3131886.mam_gk_lastLoginTime.enc", "MTM3MjQyNjY3NjY1Mg==");
Line Deleted : user_pref("CT3131886.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3131886.mam_gk_newApps.enc", "W10=");
Line Deleted : user_pref("CT3131886.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3131886.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3131886.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3131886.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTJfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3131886.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3131886.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3131886.mam_gk_userId.enc", "NDQxMTQ5YmYtZTczYi00YmQxLWI1YjEtOGRlYWU4N2E2ZWZi");
Line Deleted : user_pref("CT3131886.migrateAppsAndComponents", true);

Line Deleted : user_pref("CT3131886.openThankYouPage", "false");
Line Deleted : user_pref("CT3131886.openUninstallPage", "true");

Line Deleted : user_pref("CT3131886.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/12\\\\/2012 20\\\"}\"}");
Line Deleted : user_pref("CT3131886.search.searchAppId", "129641800031032056");
Line Deleted : user_pref("CT3131886.search.searchCount", "2");
Line Deleted : user_pref("CT3131886.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3131886.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3131886\"}");

Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber1\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_services_Configuration_lastUpdate", "1372426658979");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1371668721645");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1355367161984");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1372439345524");
Line Deleted : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372292109466");
Line Deleted : user_pref("CT3131886.serviceLayer_services_location_lastUpdate", "1372043449479");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345294529096");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352695340331");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359043303667");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361850748248");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364184287401");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.15.0.562_lastUpdate", "1372043449867");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.15.2.523_lastUpdate", "1370232813236");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.16.4.519_lastUpdate", "1372426636859");
Line Deleted : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1352603179300");
Line Deleted : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372292109788");
Line Deleted : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1372426650618");
Line Deleted : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1372426639814");
Line Deleted : user_pref("CT3131886.serviceLayer_services_setupAPI_lastUpdate", "1364184291033");
Line Deleted : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372292109342");
Line Deleted : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1372439345740");
Line Deleted : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1372134296413");
Line Deleted : user_pref("CT3131886.serviceLayer_services_userApps_lastUpdate", "1367105560712");
Line Deleted : user_pref("CT3131886.settingsINI", true);
Line Deleted : user_pref("CT3131886.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3131886.showToolbarPermission", "false");
Line Deleted : user_pref("CT3131886.smartbar.CTID", "CT3131886");
Line Deleted : user_pref("CT3131886.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3131886.smartbar.homepage", true);
Line Deleted : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Line Deleted : user_pref("CT3131886.toolbarBornServerTime", "1-8-2012");
Line Deleted : user_pref("CT3131886.toolbarCurrentServerTime", "28-6-2013");
Line Deleted : user_pref("CT3131886.toolbarLoginClientTime", "Mon Mar 25 2013 20:54:34 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT3131886.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3131886.url_history0001.enc", "aHR0cDovL3d3dy5iaW5nLmNvbS9lbnRpdGllcy9zZWFyY2g/cT1iaWxsaW5ncytjbGluaWMmZmlsdGVycz1zZWdtZW50JTNhJTIybG9jYWwlMjImcXB2dD1iaWxsaW5ncytjbGluaWMmRk9STT1MQVJFOjo6[...]
Line Deleted : user_pref("CT3131886_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1372439337328,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3294791.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3294791.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.FF19Solved", "true");
Line Deleted : user_pref("CT3294791.FirstTime", "true");
Line Deleted : user_pref("CT3294791.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3294791.PG_ENABLE", "ZmFsc2U=");
Line Deleted : user_pref("CT3294791.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3294791.SF_STATUS.enc", "RU5BQkxFRA==");

Line Deleted : user_pref("CT3294791.UserID", "UN38037130027731196");
Line Deleted : user_pref("CT3294791.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3294791.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3294791.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3294791.autoDisableScopes", -1);
Line Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3294791.countryCode", "US");
Line Deleted : user_pref("CT3294791.defaultSearch", "true");
Line Deleted : user_pref("CT3294791.embeddedsData", "[{\"appId\":\"130089396748860745\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3294791.enableAlerts", "true");
Line Deleted : user_pref("CT3294791.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3294791.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3294791.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3294791.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3294791.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3294791.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3294791.fixUrls", true);
Line Deleted : user_pref("CT3294791.fullUserID", "UN38037130027731196.IN.20130626180648");
Line Deleted : user_pref("CT3294791.installDate", "26/06/2013 18:06:45");
Line Deleted : user_pref("CT3294791.installId", "stub.exe");
Line Deleted : user_pref("CT3294791.installSessionId", "{6B6BFB20-46AC-4B45-A241-D26479A0BCA5}");
Line Deleted : user_pref("CT3294791.installSp", "TRUE");
Line Deleted : user_pref("CT3294791.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3294791.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3294791.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3294791.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3294791.keyword", "true");

Line Deleted : user_pref("CT3294791.lastVersion", "10.16.4.519");
Line Deleted : user_pref("CT3294791.mam_gk_appStateReportTime.enc", "MTM3MjQzNDAwODI1Nw==");
Line Deleted : user_pref("CT3294791.mam_gk_appState_CouponBuddy.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_Discover.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_Easytobook.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_Find-a-Pro.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_PiclickV2-WebSearch.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_PriceGong.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appState_WindowShopper.enc", "b2Zm");
Line Deleted : user_pref("CT3294791.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3294791.mam_gk_appsDefaultEnabled.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3294791.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJiMjU5Mjg0My0wYmUzLTQxMzItYWJhMy04NjQ2MmNhYTEwNmQiLCJ[...]
Line Deleted : user_pref("CT3294791.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3294791.mam_gk_eventsCache.enc", "eyIxZTY2NTRhOC0yZjQyLTQxMDAtYTViZC0yOTFkOTY3ZDk5MWEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3294791.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3294791.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Line Deleted : user_pref("CT3294791.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3294791.mam_gk_lastLoginTime.enc", "MTM3MjQzNDAwNjE5MQ==");
Line Deleted : user_pref("CT3294791.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3294791.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3294791.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMSIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3294791.mam_gk_showCloseButton.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3294791.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3294791.mam_gk_userId.enc", "NTE1ZTQ2ZjItMDhhNi00ZTVkLTg5MzAtMzFkNWU5NTY4YjNj");
Line Deleted : user_pref("CT3294791.migrateAppsAndComponents", true);

Line Deleted : user_pref("CT3294791.openThankYouPage", "false");
Line Deleted : user_pref("CT3294791.openUninstallPage", "true");


Line Deleted : user_pref("CT3294791.originalSearchEngine", "My Web Search");
Line Deleted : user_pref("CT3294791.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3294791.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3294791.search.searchAppId", "130089396748860745");
Line Deleted : user_pref("CT3294791.search.searchCount", "0");
Line Deleted : user_pref("CT3294791.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3294791.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3294791.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3294791.searchRevert", "false");
Line Deleted : user_pref("CT3294791.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3294791.searchUserMode", "2");
Line Deleted : user_pref("CT3294791.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3294791\"}");

Line Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic2\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3294791.serviceLayer_services_Configuration_lastUpdate", "1372292014057");
Line Deleted : user_pref("CT3294791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372301164657");
Line Deleted : user_pref("CT3294791.serviceLayer_services_appsMetadata_lastUpdate", "1372439345502");
Line Deleted : user_pref("CT3294791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372301165301");
Line Deleted : user_pref("CT3294791.serviceLayer_services_login_10.16.4.19_lastUpdate", "1372301165893");
Line Deleted : user_pref("CT3294791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372301165000");
Line Deleted : user_pref("CT3294791.serviceLayer_services_searchAPI_lastUpdate", "1372292101087");
Line Deleted : user_pref("CT3294791.serviceLayer_services_serviceMap_lastUpdate", "1372291954445");
Line Deleted : user_pref("CT3294791.serviceLayer_services_setupAPI_lastUpdate", "1372292037153");
Line Deleted : user_pref("CT3294791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372301165146");
Line Deleted : user_pref("CT3294791.serviceLayer_services_toolbarSettings_lastUpdate", "1372439345834");
Line Deleted : user_pref("CT3294791.settingsINI", true);
Line Deleted : user_pref("CT3294791.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3294791.showToolbarPermission", "false");
Line Deleted : user_pref("CT3294791.smartbar.CTID", "CT3294791");
Line Deleted : user_pref("CT3294791.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3294791.smartbar.homepage", "true");
Line Deleted : user_pref("CT3294791.smartbar.toolbarName", "Vafmusic2 ");
Line Deleted : user_pref("CT3294791.startPage", "true");
Line Deleted : user_pref("CT3294791.toolbarBornServerTime", "27-6-2013");
Line Deleted : user_pref("CT3294791.toolbarCurrentServerTime", "28-6-2013");
Line Deleted : user_pref("CT3294791.toolbarLoginClientTime", "Wed Jun 26 2013 20:46:05 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1372439337227,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Vafmusic2 Customized Web Search");


Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "285d35fd000000000000b2749f70e534");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "285d35fd000000000000b2749f70e534");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15464");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:25:53");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "17");
Line Deleted : user_pref("extensions.delta.cntry", "US");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "5A9538E1436C2C8FA933116E4A951AEC");
Line Deleted : user_pref("extensions.delta.id", "285d35fd000000000000b2749f70e534");
Line Deleted : user_pref("extensions.delta.instlDay", "15928");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.015:57:42");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "czb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.015:57:42");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=070813_wt4&tsp=4971");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search Results");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search Results");

Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.hp.lastGuardTime", -1959684738);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.installDate", "2013033019");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerId", "^9N^xdm003^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerSubId", "COvgg9HkpbYCFYFxQgodP3kAZg");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.toolbarId", "7137DDF1-C4B5-4FA1-B0EA-850189617303");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.lastActivePing", "1376913762282");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.searchHistory", "Forgiveness - YW handout||truila heidi Skinner Realistate||straigtalk||Lowes ceiling wallpaper||doc martin episodes||tom cruise mov[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.weather.location", "82410");

Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2011121020");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm014ASus");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "3FB40A8B-C6A7-4D55-A7BB-05E991826473");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1339017529402");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);

Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "buy sell agreement||contract for deed forms free||conditional sales agreement||bridge to terabithia||bank of bridger||income tax fi[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.isFahrenheit", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "59041");

Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.installDate", "2012050319");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerId", "Z7xdm286YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.partnerSubId", "PTC-Action");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.installation.toolbarId", "A7F14F24-927E-4E1B-978F-4159CC98C329");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.lastActivePing", "1337344148273");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", false);

Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.searchHistory", "sudoku puzzles||rio billings");
Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.weather.location", "35201");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3131886");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3131886");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Line Deleted : user_pref("smartbar.machineId", "PHYHGKU+R+1/RIZ8H6DZIW0AWNNFK0AYZJB/D2RWLMMI1CBIGVBXPWKB9ABZ1EA6J942SG6NOG2NWZPMGGM9HW");



-\\ Google Chrome v

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [52320 octets] - [04/10/2013 09:30:08]
AdwCleaner[s0].txt - [52297 octets] - [04/10/2013 09:32:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [52358 octets] ##########
 

 

[flashh4]

Marie >>> How to Temporarily Disable your Anti-virus
http://forums.whatthetech.com/index.php?showtopic=96260

 

Chuck

[flashh4]

Marie, AdwCleaner did a good job as usual !!

 

Post the other logs as you get them, it does not have to be done all today, work on them as you can !

 

Chuck

[marienottingham]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Tim on Wed 10/16/2013 at  5:55:47.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at  6:11:38.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[flashh4]

Marie, good to see ya working on this. Hopefully we can get it clean so you have no more problems, we have removed some bad things but more to go !!

 

Chuck

[marienottingham]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Tim :: TIM-PC [administrator]

Protection: Enabled

10/16/2013 7:27:26 AM
mbam-log-2013-10-16 (07-27-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211706
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 10
C:\Users\Tim\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3244149 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 90
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$R9LEYAX.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$R9P3QFR.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RCPBO2O.exe (PUP.AdBundle) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RCSWXWH.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RI59B4V.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RMA2M0J.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RNTRLEY.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$ROZAAXM.exe (PUP.AdBundle) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RQBWPF1.exe (PUP.MSIL.Launcher) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RSFOTJK.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RTW74O6.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RVQW98H.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RX30MYH.exe (PUP.Optional.Bandoo) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RY7Z9D6.exe (PUP.AdBundle) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-419008064-1442257413-3684721255-1000\$RZIXYPV.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsc2214.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsdC330.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsdEACF.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsf9044.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsm483.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nspA840.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\nsqDB74.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\ccp.exe (PUP.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\MyDeltaTB.exe (PUP.Delta.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\B39E1D19-BAB0-7891-888A-D2287C314026\Latest\Setup.exe (PUP.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\installer.exe (PUP.MSIL.Launcher) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\setup__120.exe (PUP.Optional.Amonetize.AS) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\software\Desk365.exe (PUP.Optional.Desk365.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\software\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\is135653842\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\is135653842\SaveTheChildren_20120320.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\is357113909\146803733_Setup.EXE (PUP.Optional.LyricXeeker.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\Tim\Downloads\angry-birds-rio.exe (PUP.AdBundle) -> No action taken.
C:\Users\Tim\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Users\Tim\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Users\Tim\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Tim\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Tim\Downloads\MyTopFreeGames_UnlockGames.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Users\Tim\Downloads\Player_Setup.exe (PUP.MSIL.Launcher) -> No action taken.
C:\Users\Tim\Downloads\setup.exe (PUP.Optional.InstallCore.A) -> No action taken.
C:\Users\Tim\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Users\Tim\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\7Y2KQ66W\component_libcef_1.1364.1123[1].exe (PUP.Optional.Desk365.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\7Y2KQ66W\stublogic[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\7Y2KQ66W\Vafmusic2[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\7Y2KQ66W\Wallpaper[1].exe (PUP.Optional.Desk365.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\SGJT8CZL\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\SGJT8CZL\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\SGJT8CZL\Vafmusic2_wpf[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\SKJC8I7N\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\Local Settings\Temporary Internet Files\Content.IE5\SNDQSNM7\pack[1].7z (PUP.Optional.PerformerSoft.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\CT3131886.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3131886\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3244149\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3244149\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\CT3294791.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\CT3294791.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\ct3294791\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\Player_Setup(1).exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Tim\AppData\Local\Temp\DM\Player_Setup(1).exe\software\Player_Setup.exe (Trojan.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Tim\AppData\Local\Temp\is135653842\IWantThis_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)
 

[marienottingham]

So do I need to defrag too?

[flashh4]

No not at this time ! I need you to re-run Malwarebytes and this time make sure you check the box that says "Remove Selected" !

 

Chuck

[flashh4]

Marie, do not remove these tools/programs till we are threw because we may need to re-run one or more before we get you clean !

 

Lets check for additional security risks:

    * Please download CKScanner© by askey127 and save to your desktop.Click here >>> Click here.
    * Double click on CKScanner.exe and click Search For Files.
    * After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
    * Post the contents of ckfiles.txt in your reply, it is located on your desktop.
 

 

 

NEXT

 

 

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



thanks

Chuck

[marienottingham]

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\tim\music\itunes\itunes media\music\compilations\above the rim\14 crack 'em.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\01 hannah jane.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\02 hold my hand.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\03 let her cry.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\05 running from an angel.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\06 i'm goin' home.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\07 drowning.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\08 time.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\09 look away.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\10 not even the trees.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\11 goodbye.m4a
c:\users\tim\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\12 cracked rear view.m4a
scanner sequence 3.DI.11.CKAPOZ
 ----- EOF -----
 

[marienottingham]

OTL logfile created on: 10/17/2013 8:29:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 34.21% Memory free
5.74 Gb Paging File | 3.37 Gb Available in Paging File | 58.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 145.29 Gb Free Space | 65.67% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/17 08:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Downloads\OTL.com
PRC - [2013/10/17 08:12:25 | 000,468,480 | ---- | M] () -- C:\Users\Tim\Downloads\CKScanner.exe
PRC - [2013/10/11 07:38:01 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/01 07:21:41 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 02:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 02:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/17 08:12:25 | 000,468,480 | ---- | M] () -- C:\Users\Tim\Downloads\CKScanner.exe
MOD - [2013/10/13 17:52:54 | 001,227,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\decc12017394d466b473669f85b31b5d\System.WorkflowServices.ni.dll
MOD - [2013/10/13 17:51:28 | 000,369,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/13 17:51:25 | 001,142,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/13 17:51:20 | 000,082,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/13 17:50:54 | 001,394,176 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/13 17:50:45 | 001,079,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/13 17:50:42 | 018,109,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/13 17:49:45 | 001,089,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\593b48b531c3445e6dae067cc6879cdd\System.ServiceModel.Web.ni.dll
MOD - [2013/10/13 17:39:35 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/13 17:39:29 | 002,659,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/13 17:39:13 | 000,393,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f58dc6b661c4fb91c68945da9b701135\System.Xml.Linq.ni.dll
MOD - [2013/10/11 07:37:59 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/11 06:50:17 | 018,003,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/11 06:49:55 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/11 06:49:51 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/11 06:49:28 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/11 06:49:18 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/11 06:49:10 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/01 07:21:39 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/20 13:30:27 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/20 13:28:55 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 09:34:52 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/15 09:34:44 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 09:34:24 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 09:34:18 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 13:29:07 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/08/07 19:40:36 | 002,052,096 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
MOD - [2012/08/07 19:40:36 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
MOD - [2012/08/07 19:40:36 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
MOD - [2012/08/07 19:40:36 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
MOD - [2012/08/07 19:40:36 | 000,770,048 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
MOD - [2012/08/07 19:40:36 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012/08/07 19:40:36 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
MOD - [2012/08/07 19:40:36 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
MOD - [2012/08/07 19:40:36 | 000,232,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012/08/07 19:40:36 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012/08/07 19:40:36 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MEshim.dll
MOD - [2012/08/07 19:40:36 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012/08/07 19:40:35 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012/08/07 19:40:35 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012/08/07 19:40:35 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012/08/07 19:40:35 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012/08/07 19:40:35 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012/08/07 19:40:35 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012/08/07 19:40:35 | 000,223,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012/08/07 19:40:35 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012/08/07 19:40:35 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012/08/07 19:40:35 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012/08/07 19:40:35 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012/08/07 19:40:35 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012/08/07 19:40:35 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012/08/07 19:40:34 | 001,035,264 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012/08/07 19:40:34 | 000,667,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012/08/07 19:40:34 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012/08/07 19:40:34 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012/08/07 19:40:34 | 000,115,200 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012/08/07 19:40:34 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012/08/07 19:40:34 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012/08/07 19:40:34 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/02/20 06:10:20 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
MOD - [2007/02/20 06:09:22 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
MOD - [2007/02/20 04:34:48 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 02:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/11 07:38:04 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 07:21:40 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/28 14:07:31 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/28 14:07:30 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/28 14:07:30 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/09 02:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 02:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 02:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 02:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 02:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/20 08:00:12 | 000,173,328 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV:64bit: - [2010/07/20 08:00:12 | 000,173,328 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNSP.sys -- (PTUMWNSP)
DRV:64bit: - [2010/07/20 08:00:12 | 000,173,328 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV:64bit: - [2010/07/20 08:00:12 | 000,143,888 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV:64bit: - [2010/07/20 08:00:12 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV:64bit: - [2010/07/20 08:00:10 | 000,173,328 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWCSP.sys -- (PTUMWCSP)
DRV:64bit: - [2010/07/20 08:00:10 | 000,070,928 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV:64bit: - [2010/07/20 08:00:10 | 000,024,976 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMWCDF.sys -- (PTUMWCDF)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/03/31 16:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 19:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9D9724D8-EF99-41E8-80DF-EB93D2581D40}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{62CA7BDD-07E3-4243-A757-FDD6679214A1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com [binary data]
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - No CLSID value found
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes\{2F9022F7-C000-4DB0-8F79-1EEC1C0D75CD}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111253,17118,0,18,0
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes\{62CA7BDD-07E3-4243-A757-FDD6679214A1}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes\{CF1ACED0-2254-454E-8998-C7AE97C6B942}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/28 14:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/01 07:21:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/01 07:21:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/01 21:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2013/09/27 07:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\extensions
[2012/12/03 09:17:56 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/10/01 07:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 07:21:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/01 07:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 07:21:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/28 14:06:36 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/06 11:35:46 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3


O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://70.183.236.44/WinWebPush.cab (WebWatch Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4640BF22-70B3-4C77-8B62-25A3F443414D}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F20E8139-9551-409D-A809-68860E8983F0}: DhcpNameServer = 72.21.65.13 72.21.65.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58aec13d-e3fb-11e2-8b8b-00266cae4df0}\Shell - "" = AutoRun
O33 - MountPoints2\{58aec13d-e3fb-11e2-8b8b-00266cae4df0}\Shell\AutoRun\command - "" = E:\menu.exe
O33 - MountPoints2\{bb7fb588-64a1-11e0-ac52-00266cae4df0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb7fb588-64a1-11e0-ac52-00266cae4df0}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{bb7fb60d-64a1-11e0-ac52-00266cae4df0}\Shell - "" = AutoRun
O33 - MountPoints2\{bb7fb60d-64a1-11e0-ac52-00266cae4df0}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{bb7fb62f-64a1-11e0-ac52-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{bb7fb62f-64a1-11e0-ac52-7a8020000200}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{e24019e3-a818-11e0-8d79-00266cae4df0}\Shell - "" = AutoRun
O33 - MountPoints2\{e24019e3-a818-11e0-8d79-00266cae4df0}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/16 07:25:13 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2013/10/16 07:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/16 07:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/16 07:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/10/16 07:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/16 05:52:57 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Tim\Desktop\JRT_NEW.exe
[2013/10/12 20:09:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/10/12 20:09:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/10/12 20:09:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/10/12 20:09:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/10/12 20:09:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/10/12 20:09:12 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/10/12 20:09:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/10/12 20:09:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/12 20:09:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/10/12 20:09:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/10/12 20:09:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/10/12 20:08:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/10/12 20:08:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/10/12 20:08:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/10/12 20:08:55 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/10/11 06:39:04 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2013/10/11 06:38:55 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/10/11 06:38:55 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/10/11 06:38:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
[2013/10/11 06:38:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
[2013/10/11 06:38:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
[2013/10/11 06:38:52 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
[2013/10/11 06:38:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/10/11 06:38:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/10/11 06:38:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/10/11 06:38:10 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
[2013/10/11 06:38:06 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2013/10/11 06:37:40 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/10/11 06:37:38 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2013/10/11 06:37:35 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/10/11 06:37:34 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/10/11 06:37:34 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
[2013/10/11 06:37:33 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
[2013/10/11 06:37:32 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/10/11 06:37:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/10/11 06:37:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/10/11 06:37:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/10/11 06:37:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/10/11 06:37:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/10/11 06:37:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/10/11 06:33:20 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/11 06:33:19 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/11 06:32:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
[2013/10/04 09:51:41 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/10/04 09:29:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/01 07:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/21 09:15:28 | 000,000,000 | ---D | C] -- C:\65cfbfdefc72971885b98fd6a91a
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/17 08:36:27 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/17 08:16:57 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 08:16:57 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 08:05:41 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/10/17 08:04:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/17 08:04:36 | 2312,089,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/17 08:03:48 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/10/16 07:50:03 | 000,780,196 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/16 07:50:03 | 000,660,998 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/16 07:50:03 | 000,121,636 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/16 07:25:01 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/15 17:47:28 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Tim\Desktop\JRT_NEW.exe
[2013/10/13 17:17:16 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/11 07:38:01 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/10/11 07:38:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/11 06:53:37 | 000,774,412 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/04 06:04:46 | 000,000,108 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\WB.CFG
[2013/10/04 06:04:45 | 000,000,006 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
[2013/09/22 17:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/09/22 17:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/09/22 17:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/09/22 17:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/09/22 17:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/09/22 16:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/09/22 16:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/09/22 16:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/09/22 16:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/09/22 16:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/09/22 16:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/09/22 16:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/09/22 16:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/09/20 20:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/09/20 20:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/17 08:03:48 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/10/16 07:25:01 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/11 16:59:14 | 000,000,108 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\WB.CFG
[2013/08/11 16:59:14 | 000,000,006 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\WBPU-TTL.DAT
[2011/12/27 11:22:16 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/12/24 12:16:01 | 000,008,772 | -HS- | C] () -- C:\Users\Tim\AppData\Local\1me7mvbum2i115t26l14nwr
[2011/12/24 12:16:01 | 000,008,772 | -HS- | C] () -- C:\ProgramData\1me7mvbum2i115t26l14nwr
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/25 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/04/25 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2013/07/02 09:15:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\337 Wallpaper
[2011/06/12 21:05:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/13 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\CompuClever
[2013/06/15 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Garmin
[2013/06/28 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\player
[2011/06/21 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Smith Micro
[2013/10/11 10:16:19 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SoftGrid Client
[2011/04/24 19:06:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Temp
[2013/10/17 07:29:51 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Toshiba
[2011/04/30 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TP
[2011/04/18 16:02:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Wal-Mart
[2011/04/12 06:03:03 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 

[marienottingham]

OTL Extras logfile created on: 10/17/2013 8:29:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 34.21% Memory free
5.74 Gb Paging File | 3.37 Gb Available in Paging File | 58.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 145.29 Gb Free Space | 65.67% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0389B9D6-3FC7-4AB0-A04E-9887B7AA244F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{050C71A9-A9A1-464D-9839-D87B619E097A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{1084C800-2C4D-4032-9383-DF726CEF5B2A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{253F78C6-0D9F-4DAD-B907-CF679C32D773}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{25E17C1E-94A6-4B06-9CF9-30D9E56918E4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F6B7597-BD12-4D7B-AB29-949F996E198C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35875353-DBDA-4D7A-9D07-375222001368}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B6A37AC-F7FC-4E9B-BC23-9FB2B104E120}" = lport=137 | protocol=17 | dir=in | app=system |
"{496A870C-3400-4240-9995-2C5F1349C384}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50EF936E-740C-42E1-9598-EE4E68791BA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{52F081B0-8AF0-43CD-BEB1-38A32698146A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55529164-7C5E-4D35-9BDF-0500A08A6BB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{591F3C76-5BBD-4570-AC95-1AB28195BDA0}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B764239-46E6-477F-BDC5-DC446B1B93DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{623D2F11-EF85-4BE2-A50A-1B74D9865F86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{678BE4DE-2936-409E-A3F2-95679EB6B135}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7BDF7691-1F2C-41D6-8B5A-1521F914EB74}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EE612A2-2411-4978-9701-86C22B976E7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85A399F8-91DF-4860-9032-CEF345271F74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F0957AB-ADAC-4309-AFBA-1E642C5C1804}" = rport=138 | protocol=17 | dir=out | app=system |
"{A17F1F14-DA92-474F-8B09-17ADE5CE7063}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A2E7E87B-5491-4D25-89A3-9506E4ABADFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9C4E2AB-D212-43E1-AF70-1884D8C6E9BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE39B3DB-D3D4-4FEA-B68E-C56B06A15D06}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF7541AC-E81E-4AC4-99D0-C971039E7369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0FC7BE5-4722-491E-88A0-0378E6EB8515}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2DD1864-5A99-4D3E-9FD1-49B03C90AFC5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B701C737-C356-4CD4-9B41-0D1322AA1DD1}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9EDA6B8-AAC9-4840-A940-1159E331721A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE98DED1-3861-4C43-8E66-572F837F4364}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEDC6C73-501A-4C9E-A1C7-1F73A3D50291}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D362F2A1-BE43-4541-B448-A168EB39B7CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8B3C3D8-B212-49CC-90FA-DDC5D80D04B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E449B0F8-9A6A-48EA-9F82-B3CC4FED8A92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E9423240-D5D8-4CDE-B930-E3A415FD5F8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB20C4E5-739F-4FEF-9849-D5923D807933}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EFBD6449-275B-47B5-AB75-38EB391CD156}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3012E0E-FF88-4DB1-8340-D7377F0873D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F84E81FD-4787-4D43-AF30-791C1C6D66BE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F923A68A-85FB-425A-9868-A4803806CF1B}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD56486A-F03E-430B-8352-5708F9BB09B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF35CA11-3682-4E4D-9C43-22FB6A3CEA36}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CED131-B5D8-4309-8828-0875F527B8C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{040686A4-8801-41DB-89CF-1D868E110147}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{18F347DC-1925-490C-8BCE-516F1B0B6C58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{25185626-D1D8-434B-AA26-0B0E5329BE34}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{258AE339-2052-42F6-B9D3-B902370700B4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29836840-37DC-4D51-A529-6DF8A538557B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2ACDE38B-D3DE-42A4-A37E-3B35761EF3F0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EAEF271-2A9D-4C59-AC16-CB92112B39B6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{302D49C5-9CB0-4657-A1C4-D5149CC98D0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4513DACF-75FA-400C-8A5B-DFC7E002435C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{481A548E-9C69-4F4D-9ADE-C5B58F1CA840}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D159D4F-B27C-4A84-9015-DDAF2CD24C51}" = protocol=58 | dir=out | [email protected],-28546 |
"{5139FC39-9AFB-4CF4-A48E-B16024D4A2A9}" = protocol=58 | dir=in | [email protected],-148 |
"{5A51103A-27BC-4DB1-B390-322B5A35FB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5AB9B1F4-F63C-4A2D-BCFB-A7151D4715E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67E9151E-F6F6-42A5-9CE2-3343EF13571B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73EE5AF1-1BEF-4FAA-9141-CED35D526A89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C8B1254-AE08-42A5-958A-970277165BD9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D124BE7-EC3C-4D68-B407-AD297C3C6069}" = protocol=1 | dir=out | [email protected],-28544 |
"{7D278F13-4BCE-465A-9B26-FEE2C9CBFC0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7FFE562B-7240-4F41-9573-3CD53DD428B4}" = protocol=1 | dir=in | [email protected],-28543 |
"{8B1BFF6C-E383-4ACE-B58D-A098E876ED62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D95411C-3737-4E95-A76D-B372B424F1D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DA72E55-18D8-4669-A475-58587AC5AC22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A1BD4989-6E10-429A-8D84-1D9848BD7979}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A8FA006F-231B-4D37-92C5-807584E02947}" = protocol=6 | dir=out | app=system |
"{D301F7B7-E006-4E2A-B622-547F44E0AF3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D54C92ED-7399-48D6-8AA7-4CB10A861CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{DB10CFDE-0FAC-484F-8286-6D44123E5D24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E61D00EE-BAA9-4258-B2C0-79DB920290A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA5123F3-1ADA-41DD-AD65-BCC7D4ADC622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F0255389-2EA2-4F55-AC4C-28BFD9FB817D}" = protocol=58 | dir=in | [email protected],-28545 |
"{FF53E083-0D0E-435E-9F64-84CB7F106BE6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"TCP Query User{E933EB2B-45BA-4F9B-9CAC-02C8BD4073C0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{9FBCB1D4-A038-42B3-B130-4016ACB2D46F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.7
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SMPlayer" = SMPlayer 0.6.9
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-419008064-1442257413-3684721255-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for Zip Opener
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/16/2013 8:17:02 AM | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11201
 
Error - 10/16/2013 9:18:03 AM | Computer Name = Tim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_MMCSS, version: 6.1.7600.16385,
 time stamp: 0x4a5bc3c1  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0000000076ed000a  Faulting process
 id: 0x3d8  Faulting application start time: 0x01ceca6578ea8dfc  Faulting application
 path: C:\windows\system32\svchost.exe  Faulting module path: unknown  Report Id: 62c6cc9d-3665-11e3-a875-00266cae4df0
 
Error - 10/16/2013 9:23:17 AM | Computer Name = Tim-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 10/16/2013 9:45:17 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 8:32:17 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 8:37:07 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 9:09:21 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 9:22:42 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 9:53:37 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
Error - 10/17/2013 10:06:16 AM | Computer Name = Tim-PC | Source = Toshiba App Place | ID = 0
Description =
 
[ System Events ]
Error - 10/17/2013 9:10:09 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 34001
Description =
 
Error - 10/17/2013 9:10:09 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 30013
Description =
 
Error - 10/17/2013 9:23:14 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 34001
Description =
 
Error - 10/17/2013 9:23:14 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 30013
Description =
 
Error - 10/17/2013 9:37:55 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 10/17/2013 9:52:42 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 34001
Description =
 
Error - 10/17/2013 9:52:42 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 30013
Description =
 
Error - 10/17/2013 10:04:42 AM | Computer Name = Tim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:53:51 AM on ?10/?17/?2013 was unexpected.
 
Error - 10/17/2013 10:05:41 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 34001
Description =
 
Error - 10/17/2013 10:05:41 AM | Computer Name = Tim-PC | Source = ipnathlp | ID = 30013
Description =
 
 
< End of report >
 

[flashh4]

Marie, It will take me a bit to look over that log !! And see what all needs fixed.

 

I need you to run Malwarebytes again & post that log please !!

 

 

Thanks

Chuck

[flashh4]

Hi Marie, ok now make sure you copy everything & paste it into the box !!!!!

 

We need to Run an OTL fix !!

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the . Do not include the word Code

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE:64bit: - HKLM\..\SearchScopes\{9D9724D8-EF99-41E8-80DF-EB93D2581D40}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{62CA7BDD-07E3-4243-A757-FDD6679214A1}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - No CLSID value foundIE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value foundIE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value foundIE - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\SearchScopes,DefaultScopeFF - prefs.js..browser.search.useDBForOrder: trueFF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2012/08/01 21:33:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions[2013/09/27 07:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\d3gnp8c3.default\extensions[2013/10/01 07:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensionsCHR - default_search_provider:  ()CHR - default_search_provider: search_url =CHR - default_search_provider: suggest_url =CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\CHR - Extension: No name found = C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.O3 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: []  File not foundO4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not foundO4 - HKU\S-1-5-21-419008064-1442257413-3684721255-1000..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not foundO4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not foundO4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKLM..\RunOnceEx: []  File not foundO9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O33 - MountPoints2\{58aec13d-e3fb-11e2-8b8b-00266cae4df0}\Shell - "" = AutoRunO33 - MountPoints2\{58aec13d-e3fb-11e2-8b8b-00266cae4df0}\Shell\AutoRun\command - "" = E:\menu.exeO33 - MountPoints2\{bb7fb588-64a1-11e0-ac52-00266cae4df0}\Shell - "" = AutoRunO33 - MountPoints2\{bb7fb60d-64a1-11e0-ac52-00266cae4df0}\Shell - "" = AutoRunO33 - MountPoints2\{bb7fb62f-64a1-11e0-ac52-7a8020000200}\Shell - "" = AutoRunO33 - MountPoints2\{e24019e3-a818-11e0-8d79-00266cae4df0}\Shell - "" = AutoRunO33 - MountPoints2\E\Shell - "" = AutoRunO33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detectO33 - MountPoints2\{bb7fb62f-64a1-11e0-ac52-7a8020000200}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detectO33 - MountPoints2\{e24019e3-a818-11e0-8d79-00266cae4df0}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detectO33 - MountPoints2\{bb7fb588-64a1-11e0-ac52-00266cae4df0}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect  :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



 

 

 

NEXT

 

 

 

 

 

Download  Security Check by screen317 from here >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe

   * Save it to your Desktop.
   * Double click  SecurityCheck.exe and follow the onscreen instructions inside of the black box.
   * A Notepad document should open automatically called  checkup.txt; please post the contents of that document.

 

 

So next i need the logs:

 

1. Security Check

2. OTL Fix

3. Re-run of Malwarebytes log

 

 

Thanks

Chuck

[flashh4]

Marie are you still in need of help ?? Please respond with-in 24 hrs. or this topic will be closed !!

 

Chuck

[flashh4]

Since there has been no response in 5 days this topic is locked !! If you need this re-opened please PM me or another Mod !

 

Thanks

Chuck