CNET Freemake video converter installs conduit/won't remove

theredog · December 19, 2013

I can't believe this happened so soon after you fixed me up last week.

I asked a forum member at IOM TT Forum what program he used to convert video to upload and he tells me

Freemake video converter. Found it at CNET,wnet through the install instructions and declined 4 installs of other BS.

Well, I now have "connect" toolbar that I don't want and it won't remove. CNET use to be safe, I thought.

So far I have run Malwarebytes twice. First time it had 80 hits. Second time one hit. Removed but the toolbar is still there.

Why me?

theredog · December 19, 2013

OK, I took it upon myself to run ADW Cleaner and the "connect" toolbar is now gone. Windows firewall was turned off and agv disabled until reboot.

Don't see "conduit" folder anymore.

ADW Cleaner Log:

# AdwCleaner v3.015 - Report created 19/12/2013 at 08:34:02
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Redog - T00T1E_3564
# Running from : C:\Users\Redog\Desktop\CNET\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Redog\AppData\Local\Conduit
Folder Deleted : C:\Users\Redog\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Redog\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Redog\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Redog\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Smartbar
Folder Deleted : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\ValueApps
Folder Deleted : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\CT3306061
Folder Deleted : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
Folder Deleted : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
File Deleted : C:\END
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\prefs.js ]

Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.FirstTime", "true");
Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3306061.UserID", "UN31507825082417912");
Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.appOptions", "{\"130158552044672304\":{\"render\":true,\"disabled\":true,\"appGuid\":\"\",\"appClientGuid\":\"\",\"isPersonalApp\":false}}");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.countryCode", "US");
Line Deleted : user_pref("CT3306061.defaultSearch", "true");
Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3306061.enableAlerts", "true");
Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN31507825082417912.IN.20131218214916");
Line Deleted : user_pref("CT3306061.homepageuserchanged", true);
Line Deleted : user_pref("CT3306061.installDate", "18/12/2013 21:49:19");
Line Deleted : user_pref("CT3306061.installSessionId", "{EB386406-47EF-4F9A-8B76-5D61CAD8B5C5}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3306061.installUsage", "2013-12-19T05:50:23.8892057+03:00");
Line Deleted : user_pref("CT3306061.installUsageEarly", "2013-12-19T05:50:19.5206177+03:00");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.keyword", "true");

Line Deleted : user_pref("CT3306061.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fduckduckgo.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"Search%20DuckDuckGo\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN[...]
Line Deleted : user_pref("CT3306061.openThankYouPage", "false");
Line Deleted : user_pref("CT3306061.openUninstallPage", "true");

Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "DuckDuckGo");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "DuckDuckGo");
Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Deleted : user_pref("CT3306061.search.searchCount", "0");
Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");

Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1387421424769");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387421430796");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1387421430996");
Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387421430912");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1387421424780");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1387421429394");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.23.0.722_lastUpdate", "1387456469773");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387458484630");
Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387421430956");
Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1387421431243");
Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1387421422159");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387421430870");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1387456472413");
Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1387421442512");
Line Deleted : user_pref("CT3306061.settingsINI", true);
Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");
Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Deleted : user_pref("CT3306061.startPage", "true");
Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "19-12-2013");
Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "19-12-2013");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "18-12-2013 21:49:17");
Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Wed Dec 18 2013 21:50:31 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387458481420,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "KKML40/IAUO88XGDYYN+I39XLRGHX9FPN3MRGGFIKDHDESERXQJ/FJTCZ4DTM12MOB2P34FFU1CHNEUNVEBJEQ");

-\\ Google Chrome v

[ File : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10750 octets] - [04/12/2013 04:49:36]
AdwCleaner[R1].txt - [13461 octets] - [19/12/2013 08:30:42]
AdwCleaner[s0].txt - [8925 octets] - [04/12/2013 04:52:29]
AdwCleaner[s1].txt - [13516 octets] - [19/12/2013 08:34:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [13577 octets] ##########

Malwarebytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Redog :: T00T1E_3564 [administrator]

12/19/2013 8:38:42 AM
mbam-log-2013-12-19 (08-38-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228486
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

flashh4 · December 19, 2013

Hey Red, glad you used AdwCleaner, it should of gotten rid of "Conduit" ! I would like to do a little more cleaning could you dwnload OTL and Security Check & post the logs !

Download OldTimer to your desk top !

Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.

* Check the following.

o Scan all users.

o Standard Output. o Lop check.

o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList

* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

* When finished it will produce two logs.

o OTL.txt (open on your desktop).

o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

NEXT

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.

* A Notepad document should open automatically called checkup.txt

* Please post the contents of that document in your next reply.

Post Next:

1. OTL (logs)

2. Security Check log

Thanks

Chuck

theredog · December 19, 2013

Firewall off, agv disabled until reboot

OTL:

OTL logfile created on: 12/19/2013 9:58:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Redog\Desktop\CNET
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.87% Memory free
12.00 Gb Paging File | 10.31 Gb Available in Paging File | 85.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.53 Gb Total Space | 18.27 Gb Free Space | 23.27% Space Free | Partition Type: NTFS
Drive D: | 33.16 Gb Total Space | 6.27 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive F: | 7.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 635.25 Gb Total Space | 93.47 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
Drive K: | 296.13 Gb Total Space | 92.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: T00T1E_3564 | User Name: Redog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/19 09:52:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redog\Desktop\CNET\OTL.com
PRC - [2013/12/11 15:34:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/03 08:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 22:48:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/07/14 03:00:00 | 000,032,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/11 15:34:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/04 21:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/28 05:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013/12/11 15:34:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/03 08:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/13 18:34:11 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/23 16:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/07/14 03:00:00 | 000,032,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/27 19:24:18 | 000,175,480 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/14 01:28:51 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/03 20:40:19 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/09 03:06:31 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/04/09 03:06:31 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 22:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/04 21:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/24 12:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 12:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/04/20 14:59:02 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2010/04/20 14:59:00 | 000,376,816 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 19:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 19:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 00:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/05/25 03:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\..\SearchScopes\{F46D60AB-E541-434F-B755-B66C1582F16A}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24127829392596022&UM=2
IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.1.1030
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.16
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.67
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Redog\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Redog\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 [2013/12/15 19:21:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 [2013/12/15 19:21:10 | 000,000,000 | ---D | M]

[2013/12/11 10:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Extensions
[2013/12/19 08:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions
[2013/12/13 04:20:40 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/12/15 09:17:02 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2013/12/15 09:18:18 | 000,000,000 | ---D | M] (Purple Fox) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2013/12/11 15:57:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/15 09:19:10 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2013/12/13 04:20:41 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]
[2013/12/17 04:26:03 | 000,000,000 | ---D | M] ("Nuvola") -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]
[2013/12/17 04:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\extensions
[2013/12/12 06:05:32 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]
[2013/12/12 06:05:32 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]
[2013/12/11 16:13:06 | 000,535,138 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/12/11 16:14:01 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/17 04:25:58 | 000,000,066 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\extensions\xpinstallConfirm.css
[2013/12/17 04:25:57 | 000,001,767 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallConfirm.css
[2013/12/17 04:25:59 | 000,002,214 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/02/06 20:01:35 | 000,010,339 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo-1.xml
[2013/02/06 20:01:31 | 000,010,339 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo.xml
[2012/02/02 16:41:08 | 000,001,119 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\scroogle-ssl.xml
[2013/12/11 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 15:34:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/15 19:21:10 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\REDOG\APPDATA\ROAMING\IDM\IDMMZCC5

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.3_0\
CHR - Extension: No name found = C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.3_1\

O1 HOSTS File: ([2013/12/11 10:28:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Redog\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=6a96ebb8546e47d68edad157cad4667a-997cf610540e71f76499a2920d29c41cd41620a3 /CMPID=1113a File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O1364bit: - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D8293A4-E241-49E4-90A2-0984EF22F4E2}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA19AB9-C644-4FF0-AF23-587D08155F27}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E6870D-0465-4503-86F8-2B8236229B3C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15360ea1-451a-11e1-a9d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15360ea1-451a-11e1-a9d3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Install.exe
O33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell - "" = AutoRun
O33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Redog\Desktop\CNET
[2013/12/18 21:52:36 | 000,000,000 | ---D | C] -- C:\Users\Redog\AppData\Local\CRE
[2013/12/15 04:43:44 | 000,175,480 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/12/11 15:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/11 06:15:42 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 06:15:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 06:15:42 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 06:15:40 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 06:13:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 06:13:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 06:12:42 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 06:12:42 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/10 20:15:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/10 20:15:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/10 20:15:01 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/10 20:15:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/10 20:15:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/10 20:15:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/10 20:15:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/10 20:15:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/10 20:15:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/10 20:15:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/10 20:15:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/10 20:15:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/10 20:15:00 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/10 20:14:59 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/10 20:14:58 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/10 20:14:56 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/10 19:59:56 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/10 19:59:56 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/10 19:59:56 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/10 19:59:55 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/10 19:59:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/10 19:59:55 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/10 19:59:16 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/10 19:59:16 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 19:59:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/06 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USPS
[2013/12/04 18:29:22 | 000,000,000 | ---D | C] -- C:\Users\Redog\AppData\Roaming\DMCache
[2013/12/04 10:54:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/04 04:49:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/30 10:51:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/30 10:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/28 06:10:33 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysNative\AdpeakProxy64.dll
[2013/11/26 06:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/21 11:47:50 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/21 11:45:54 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/21 11:45:54 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/21 11:45:52 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/21 11:45:52 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/21 11:45:52 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/21 11:45:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/21 11:45:51 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/21 11:45:51 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/21 11:45:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/21 11:45:51 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/21 11:45:51 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/21 11:45:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/21 11:45:51 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/21 11:45:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/21 11:45:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/21 11:45:51 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/21 11:45:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/21 11:45:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/21 11:45:51 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/21 11:45:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/21 11:45:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/21 11:45:50 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/21 11:45:50 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/21 11:45:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/21 11:45:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/21 11:45:50 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/21 11:45:50 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/21 11:45:50 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/21 11:45:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/21 11:45:50 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/21 11:45:50 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/21 11:45:50 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/21 11:45:50 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/21 11:45:50 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/21 11:45:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/21 11:45:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/21 11:45:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/21 11:45:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/21 11:45:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/21 11:45:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/21 11:45:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/21 11:45:49 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/21 11:45:49 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/21 11:45:49 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/21 11:45:49 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/21 11:45:49 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/21 11:45:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/21 11:45:49 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/21 11:45:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/21 11:45:49 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/21 11:45:49 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/21 11:45:49 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/21 11:45:49 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/21 11:45:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/21 11:45:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/21 11:45:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/21 11:45:48 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/21 11:45:48 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/21 11:45:48 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/21 11:45:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/21 11:45:48 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/21 11:45:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/21 11:45:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/21 11:45:48 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/05/03 20:40:19 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Redog\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/19 09:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1659189456-1754463573-1767136624-1001UA.job
[2013/12/19 09:13:56 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 09:13:56 | 000,015,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 09:11:00 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/19 09:11:00 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/19 09:11:00 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/19 09:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/19 09:06:18 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 13:35:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1659189456-1754463573-1767136624-1001Core.job
[2013/12/11 10:28:55 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/10 20:39:19 | 000,356,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/06 13:19:01 | 000,002,140 | ---- | M] () -- C:\Users\Redog\Desktop\Click-N-Ship for BusinessÂ®.lnk
[2013/11/30 10:51:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/27 19:24:18 | 000,175,480 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/11/26 05:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 04:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 04:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 04:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 04:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 04:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 04:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 03:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 03:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 03:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 03:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 03:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 02:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 01:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 01:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/23 13:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 12:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/21 11:45:54 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/21 11:45:54 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/21 11:45:52 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/21 11:45:52 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/21 11:45:52 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/21 11:45:52 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/21 11:45:51 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/21 11:45:51 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/21 11:45:51 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/21 11:45:51 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/21 11:45:51 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/21 11:45:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/21 11:45:51 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/21 11:45:51 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/21 11:45:51 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/21 11:45:51 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/21 11:45:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/21 11:45:51 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/21 11:45:51 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/21 11:45:51 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/21 11:45:51 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/21 11:45:51 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/21 11:45:50 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/21 11:45:50 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/21 11:45:50 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/21 11:45:50 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/21 11:45:50 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/21 11:45:50 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/21 11:45:50 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/21 11:45:50 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/21 11:45:50 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/21 11:45:50 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/21 11:45:50 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/21 11:45:50 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/21 11:45:50 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/21 11:45:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/21 11:45:50 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/21 11:45:50 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/21 11:45:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/21 11:45:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/21 11:45:50 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/21 11:45:50 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/21 11:45:49 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/21 11:45:49 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/21 11:45:49 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/21 11:45:49 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/21 11:45:49 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/21 11:45:49 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/21 11:45:49 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/21 11:45:49 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/21 11:45:49 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/21 11:45:49 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/21 11:45:49 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/21 11:45:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/21 11:45:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/21 11:45:49 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/21 11:45:49 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/21 11:45:49 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/21 11:45:48 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/21 11:45:48 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/21 11:45:48 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/21 11:45:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/21 11:45:48 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/21 11:45:48 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/21 11:45:48 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/21 11:45:48 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 13:19:01 | 000,002,140 | ---- | C] () -- C:\Users\Redog\Desktop\Click-N-Ship for BusinessÂ®.lnk
[2013/11/30 10:51:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 11:45:51 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/21 11:45:49 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/10/08 11:51:23 | 000,000,017 | ---- | C] () -- C:\Users\Redog\AppData\Local\resmon.resmoncfg
[2013/03/15 20:24:33 | 000,000,886 | ---- | C] () -- C:\Users\Redog\AppData\Local\recently-used.xbel
[2012/11/24 21:46:55 | 000,061,132 | ---- | C] () -- C:\Users\Redog\AppData\Local\rx_audio.Cache
[2011/09/25 20:14:39 | 000,913,708 | ---- | C] () -- C:\Users\Redog\AppData\Local\rx_image32.Cache
[2011/08/29 16:50:43 | 000,000,520 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/05/13 08:26:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/07 05:30:39 | 000,000,290 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/03 20:40:19 | 000,099,384 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\inst.exe
[2011/05/03 20:40:19 | 000,007,859 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\pcouffin.cat
[2011/05/03 20:40:19 | 000,001,167 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 02:09:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 02:09:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/10 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\.Tribler
[2011/12/16 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Activision
[2013/09/23 20:46:24 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\AVG2014
[2013/11/21 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\BitTorrent
[2011/11/26 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Bizarre Creations
[2011/12/16 10:24:08 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Capcom
[2013/12/19 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\DMCache
[2011/05/03 00:35:25 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Easeware
[2013/12/15 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\IDM
[2011/11/19 17:12:27 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\ImgBurn
[2011/04/08 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Leadertech
[2012/01/30 10:08:53 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Pegasus Mail
[2011/04/10 11:34:38 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Simple Star
[2012/01/31 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Thunderbird
[2012/12/13 18:58:28 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\TuneUp Software
[2012/10/30 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Ulead Systems
[2012/11/08 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Vso
[2012/03/14 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\WinAVI
[2012/11/25 11:48:31 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

OTL Extras Log:

OTL Extras logfile created on: 12/19/2013 9:58:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Redog\Desktop\CNET
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.87% Memory free
12.00 Gb Paging File | 10.31 Gb Available in Paging File | 85.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.53 Gb Total Space | 18.27 Gb Free Space | 23.27% Space Free | Partition Type: NTFS
Drive D: | 33.16 Gb Total Space | 6.27 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
Drive F: | 7.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 635.25 Gb Total Space | 93.47 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
Drive K: | 296.13 Gb Total Space | 92.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: T00T1E_3564 | User Name: Redog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FD565D-F616-4586-AEE3-30F1125A3A03}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E17C767-285D-4CAA-A990-E29DF4470FBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{37C04776-BE2E-49F6-92D9-F76BE3CF05C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F8B958A-B4A5-409E-935E-733FEACCCF23}" = lport=137 | protocol=17 | dir=in | app=system |
"{54E28ACF-3236-4370-9D13-AF59014F0603}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5E0AA4F8-3B45-4019-9C5B-C5AF561C5D70}" = rport=139 | protocol=6 | dir=out | app=system |
"{71AF8297-EF0F-4A0B-8907-D80DCB02D0F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72BFC3EB-1B01-4C8B-A65C-D334EA88FA7E}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E411DD1-EFE6-4C73-8A41-945BB76E6367}" = rport=10243 | protocol=6 | dir=out | app=system |
"{83EE96E2-6696-4F5A-A29E-803C4461D47C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C2EF7DC-DFAF-4E0C-B4BC-54783D366286}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CBE5199-B828-41F7-BAED-9FBCCBF97D89}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D492331-79F5-4C04-944F-B0BAFBBA1DEC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93AF88D0-00C9-42BB-B19C-2D43EA5454EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9EB5C0A-33E3-4B57-B9CC-4CD1339E2DE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF5ED522-6699-43CA-AF20-F5EE3464467D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFCC7F91-0AC1-457A-8EFB-6E9B974571EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3AC60C9-A605-4AA2-AD5E-870D04E31A54}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C893B01A-3380-4683-B4EE-D46FA6412102}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE91B7AE-A486-47DE-912A-459E67DD83DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEA037CB-808F-4398-B2C9-C4741DAF60ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E58D2FC4-0D4B-4258-B218-30B14634A25C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7D922DE-8851-48E7-8C9E-0DF1EDB3D98D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03036419-1D69-4ECF-8FFE-227AA3ABBC03}" = protocol=17 | dir=in | app=c:\users\redog\appdata\local\temp\7zs4fc9\hppiw.exe |
"{0A08B9F6-4019-4C37-AF17-9C1B10C25773}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{0AF02342-9486-4532-8FB5-3C21E23567BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C14DA87-D353-4AC9-BF29-515FC2806326}" = protocol=1 | dir=in | [email protected],-28543 |
"{0C7AC355-3AE5-40F5-A5FD-02CBE513C5A6}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{0E8C9104-6797-4A55-AD18-4660070EA52E}" = protocol=17 | dir=in | app=e:\setup.exe |
"{129BE867-34FC-48E6-BAF9-9FA5BC7ECAEE}" = protocol=6 | dir=in | app=c:\users\redog\appdata\roaming\bittorrent\bittorrent.exe |
"{15AF5C7C-B557-41C4-9E7D-29EAE4EC53F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{17008346-5078-460C-810A-860F33C40292}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B476FE1-4742-4FF4-B6CF-FE9D1DBEC2BD}" = protocol=17 | dir=in | app=e:\setup.exe |
"{1C5AE9B1-0459-4BB8-8C53-21066E294F37}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{21ED90B9-E419-4E48-8EDE-228115BF8AFB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{2410216F-018A-4EDF-A826-9489570F7A40}" = protocol=58 | dir=in | [email protected],-28545 |
"{248C1BEF-DA77-485B-BB62-F9F98856DFB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{34C39806-BD5B-4C8C-A281-8EC80726386D}" = protocol=6 | dir=in | app=j:\jb 007 quantum of solace\jb_liveengine_s.exe |
"{39A30931-A93D-473F-AF83-01C55377BFD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{3E53F0C1-EB7C-4596-A86C-14F00EB707D7}" = protocol=6 | dir=in | app=e:\setup.exe |
"{42F7C94A-9733-4DBC-8935-0947FB735F11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{49C7137B-EABF-4C46-8158-F3228A8C6354}" = protocol=6 | dir=in | app=j:\moto gp 2008\launcher.exe |
"{4CB32928-0BB2-450C-A6A8-70F239654456}" = protocol=6 | dir=in | app=e:\setup.exe |
"{4D5A83F7-CAC1-47A5-9C23-BCA3777C8EB6}" = protocol=6 | dir=out | app=system |
"{56ADC48E-37C0-45E3-A09B-2142B7473B2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FE9E016-4E72-4FBF-AB50-6DFAF533A0B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6491292C-838C-42C2-88D6-34F7EA4EA979}" = protocol=17 | dir=in | app=j:\jb 007 quantum of solace\jb_liveengine_s.exe |
"{6610ED1C-B067-42CB-9742-CEF48F9D4BA0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{7673FEE9-5B5C-45E0-80E4-4A83E944EBED}" = protocol=17 | dir=in | app=j:\moto gp 2008\launcher.exe |
"{7928B7C7-A23B-46C9-A403-51DC939C7A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{797B82FC-9343-4B11-A436-25A159EF27E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{7CEB3282-C547-4930-B9E0-0C186602F45E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{80479EA6-278A-4217-85CE-02E95D0FD693}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{815630A0-3CE3-4EFB-AA3A-B71912240BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{820535A1-C259-40BD-BF14-558FF14E5529}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85650DFF-74F1-458A-861C-A365ACD65ED2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{94531526-8757-4EE4-8321-EECD3331F61C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9930046E-27C3-4BB6-B5C2-D6E37D19B424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1129756-BD6C-4B23-AA1D-C0020831BE09}" = protocol=17 | dir=in | app=c:\users\redog\appdata\roaming\bittorrent\bittorrent.exe |
"{A4926CAA-5CD7-4BEC-B4AF-BDC09A458CFF}" = protocol=6 | dir=in | app=j:\damnation\binaries\damngame.exe |
"{A8898481-28CC-482D-92CA-B705DAF23673}" = protocol=58 | dir=out | [email protected],-28546 |
"{AAD00443-066B-47EF-9607-C1E89A94E2C1}" = protocol=1 | dir=out | [email protected],-28544 |
"{AD2D2204-0A64-45DB-A36A-0302968C1F71}" = protocol=17 | dir=in | app=j:\damnation\binaries\damngame.exe |
"{BDFEFCD5-2292-486C-97AA-B0A9998F53A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C122D3D4-47DD-4B21-8955-A057262B23A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CD8030C8-6CF4-4716-92CF-A64FD3CD952B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D0D40518-9ADD-445A-B603-F669F0985347}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D8B3E27A-3EAC-40A4-9001-0A449A9C42A2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{D8E4DB77-BD9E-43D6-BB1B-FE18B759DA76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DECC7F3D-6887-4F52-B71D-496351955DC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1EAD54D-F848-432E-A2C0-B962ABD439D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBB201DD-9ABF-4985-B068-6F18CDC5260F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF482911-3BCD-4F91-BAEE-1BDE66316942}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{F0D16CC8-CED3-4185-B660-8B73AE2F720E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F527CDF4-59FB-4F19-9A64-C3D0B8125AF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD1EF11E-725D-4C7C-A5F1-1F2F83916F85}" = protocol=6 | dir=in | app=c:\users\redog\appdata\local\temp\7zs4fc9\hppiw.exe |
"{FE416BC7-5D70-4239-9AA8-13A61409A8A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4A1AE217-FED2-4EC2-83AF-563082038C60}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe" = protocol=6 | dir=in | app=d:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe |
"TCP Query User{510F28D2-D215-406E-BD94-FDE67FAFE6AC}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@programfiles@\alcohol soft\alcohol 120\starwind\starwindserviceae.exe" = protocol=6 | dir=in | app=c:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@programfiles@\alcohol soft\alcohol 120\starwind\starwindserviceae.exe |
"TCP Query User{A464F377-C0A3-431A-9683-937AC86543DA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D7BA6984-D06E-427C-8EE4-665E537713C5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{09D6E20D-231C-4A3F-A590-6FBC014E0394}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@programfiles@\alcohol soft\alcohol 120\starwind\starwindserviceae.exe" = protocol=17 | dir=in | app=c:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@programfiles@\alcohol soft\alcohol 120\starwind\starwindserviceae.exe |
"UDP Query User{15218D78-AE8B-4639-8960-29C060C9D9C0}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe" = protocol=17 | dir=in | app=d:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe |
"UDP Query User{87B7AB44-FECF-4780-8113-D134AC80F0F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B35207AA-1DDC-44B7-A383-C5C231330A46}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.8 (64-bit)
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.22

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{13C64D80-2447-4509-B98D-614CAF6A9D42}" = Damnation
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Click-N-Ship for BusinessÂ®
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{211B0612-B93E-493A-9209-FC583D715444}_is1" = STL Viewer 2.3
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteurâ„¢
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace 1.1 Patch
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
"{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3C697E8-9183-4088-994C-2662166830BC}" = Damnation
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version SRWare Iron 30.0.1650.0
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.7.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CodeStuff Starter" = CodeStuff Starter
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"EADM" = EA Download Manager
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace 1.1 Patch
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Roxio PhotoShow" = Roxio PhotoShow
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"Shellshock2" = Shellshock 2
"Steam App 8190" = Just Cause 2
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2013 8:55:31 AM | Computer Name = T00t1e_3564 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 25.0.1.5064 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: 1244    Start
Time: 01cef281ea9cc0f7    Termination Time: 32    Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe    Report Id: af1b33ef-5e75-11e3-9b66-001e8c308f89

Error - 12/8/2013 9:34:26 PM | Computer Name = T00t1e_3564 | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 25.0.1.5064 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: 1304    Start
Time: 01cef47b2a0b9f58    Termination Time: 43    Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe    Report Id: 0891e410-6072-11e3-95f1-001e8c308f89

Error - 12/18/2013 10:50:06 PM | Computer Name = T00t1e_3564 | Source = CltMngSvc | ID = 1000
Description =

Error - 12/18/2013 10:52:40 PM | Computer Name = T00t1e_3564 | Source = CltMngSvc | ID = 1000
Description =

Error - 12/18/2013 10:53:49 PM | Computer Name = T00t1e_3564 | Source = CltMngSvc | ID = 1000
Description =

Error - 12/19/2013 9:34:23 AM | Computer Name = T00t1e_3564 | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1677 Exception code: 0x0000046b Fault offset: 0x000000000000940d
Faulting
process id: 0x1164 Faulting application start time: 0x01cefc6e0b0de458 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 45424827-68b2-11e3-a030-001e8c308f89

[ System Events ]
Error - 12/18/2013 11:23:21 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error:   %%126

Error - 12/18/2013 11:54:32 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 12/18/2013 11:56:33 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error:   %%126

Error - 12/19/2013 9:34:26 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 12/19/2013 9:34:56 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error:   %%50    To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 12/19/2013 9:34:56 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error:   %%1069

Error - 12/19/2013 9:36:21 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 12/19/2013 9:38:22 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error:   %%126

Error - 12/19/2013 10:06:53 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 12/19/2013 10:08:54 AM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error:   %%126

< End of report

Secure Log:

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2014
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

flashh4 · December 19, 2013

Thanks Red, a lot of out of dates but hold off on updating them untill i look threw the OTL log & i will have a fix for you !!

flashh4 · December 19, 2013

P2P Warning

C:\Users\Redog\AppData\Roaming\BitTorrent

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htm

File sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers

USAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm

infoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft

Below are a few more articles on P2P that you may wish to read ....

http://www.us-cert.gov/cas/tips/ST05-007.html

http://www.fbi.gov/scams-safety/peertopeer/oeertopeer

http://www.benedelman.org/spyware/p2p/

http://www.pcworld.com/article/126230/i ... works.html

Either refrain from using this program or simply remove, i would remove it before you become infected with something that we may not be able to clean ! I have seen this happen. !!!

theredog · December 19, 2013

We went through this on the last infection last week. I haven't used BT in awhile due to other issues and I have removed Tribler from computer.

I don't plan on using Fremake video converter from their website or CNET either. Their website suggests adding browser toolbars also.

What about your " a lot of out of dates but hold off on updating them untill i look threw the OTL log"?

Is the confuser clean again?

flashh4 · December 19, 2013

Hi Red, lets do an OTL Fix !

We need to Run an OTL fix !!

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.

* Copy and Paste the following code into the

. text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\..\SearchScopes\{F46D60AB-E541-434F-B755-B66C1582F16A}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24127829392596022&UM=2FF - user.js - File not found[2013/12/11 10:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Extensions[2013/12/19 08:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions[2013/12/12 06:05:32 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected][2013/12/12 06:05:32 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected][2013/12/11 16:13:06 | 000,535,138 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi[2013/12/11 16:14:01 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi[2013/12/17 04:25:58 | 000,000,066 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\extensions\xpinstallConfirm.css[2013/12/17 04:25:57 | 000,001,767 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallConfirm.css[2013/12/17 04:25:59 | 000,002,214 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallItemGeneric.png[2013/12/11 15:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensionsO4 - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Redog\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=6a96ebb8546e47d68edad157cad4667a-997cf610540e71f76499a2920d29c41cd41620a3 /CMPID=1113a File not foundO1364bit: - gopher Prefix: missingO33 - MountPoints2\{15360ea1-451a-11e1-a9d3-806e6f6e6963}\Shell - "" = AutoRunO33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell - "" = AutoRunO33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe  :Commands [emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.

# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post that log next !!

Thanks

Chuck

theredog · December 19, 2013

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F46D60AB-E541-434F-B755-B66C1582F16A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F46D60AB-E541-434F-B755-B66C1582F16A}\ not found.
C:\Users\Redog\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66} folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\META-INF folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66} folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\defaults\preferences folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\defaults folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\modules folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\os_special\XP folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\os_special\mac folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\os_special\linux folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\os_special\aero folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\os_special folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\update folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\shared folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\profile folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\plugins folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\places folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\passwordmgr folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\handling folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\extensions folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\downloads folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\tree folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\toolbar folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\throbber folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\splitter folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\scrollbar folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\scale folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\radio folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\progressmeter folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\menu folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\media folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\icons folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\dirListing folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\CuteMenus folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\console folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\checkbox folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\button folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\arrow folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global\alerts folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\global folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\communicator folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\tabview folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\tabbrowser folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\preferences\in-content folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\preferences folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\places folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\newtab folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\icons folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\feeds folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\downloads folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\devtools\app-manager\images folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\devtools\app-manager folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\devtools folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser\customizableui folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\browser folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\app_version\28 folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\app_version\16 folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\app_version folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images\manage folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images\badge folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\fonts folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\images\counter folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\images folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\dnt-api folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\twitter_bootstrap folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\pidcrypt folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\jqplot folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\storage folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] folder moved successfully.
C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions folder moved successfully.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\extensions\xpinstallConfirm.css not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallConfirm.css not found.
File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\mozapps\xpinstall\xpinstallItemGeneric.png not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15360ea1-451a-11e1-a9d3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15360ea1-451a-11e1-a9d3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dafcf36-6221-11e0-ad60-0015af507bd9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dafcf36-6221-11e0-ad60-0015af507bd9}\ not found.
File H:\TL-Bootstrap.exe not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Redog
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Redog
->Flash cache emptied: 2163 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Redog
->Temp folder emptied: 5266398 bytes
->Temporary Internet Files folder emptied: 1249465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77411121 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1775545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1493312 bytes

Total Files Cleaned = 83.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12192013_111101

Files\Folders moved on Reboot...
C:\Users\Redog\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Redog\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

flashh4 · December 19, 2013

I still have to give you the P2P warning every time i see it in your logs !!

Chuck

flashh4 · December 19, 2013

Cleaned up nicely & not a lot !!

Clean up with OTL

Right-click OTL.exe and select " Run as administrator " to run it.

This will remove all the tools we used to clean your pc.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CleanUp! button

Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Now you can check to see if you have any updates that you may want to get !!

Chuck

theredog · December 19, 2013

Understand. It will eventually be removed.

theredog · December 19, 2013

Done OTL clean up with AGV enabled and Firewall disabled.

Again I noticed this process has removed most plug ins from Firefox

Flags, WOT, Anonymox, No Script etc. . .

flashh4 · December 19, 2013

Again I noticed this process has removed most plug ins from Firefox
Flags, WOT, Anonymox, No Script etc. . .

And your point is ??

theredog · December 19, 2013

Well, the last time (Scorpion Saver Thread) you said you couldn't understand what would cause that.

What about the updates?

I have two in Firefox a Java Development Toolkit and VLC Web Plug In that are out of date.

Are you telling me I need to update other stuff?

flashh4 · December 19, 2013

AVG AntiVirus Free Edition 2014 >>> Antivirus out of date! <<< sometimes there seems to be a false reading on AVG so it's up to you to check & see if it's the most recent, it does say you have 2014 !!

Java version out of Date! ......... Update Java Runtime

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.

1. Go to http://java.sun.com/javase/downloads/index.jsp

From your other post :

In Codestuff Starter some items are missing and AGV now has two items enabled and I noticed most of the add ons and plug-ins I had in Firefox are gone.

I cannot see your things placed into CodeStuff starter that are missing !!

AGV now has two items enabled <<< all you should have to do is disable them

I noticed most of the add ons and plug-ins I had in Firefox are gone. The ones we previously removed were not usable !!

Therefore i posted >>> Red, i don't know what's up with those nothing i see could cause that !

=====================

I just report what our programs tell us ! That's the best we can do with out actually using remote into your computer which i would never do !!

Thanks & Happy Surfing !

I will lock this in 5 days !!

theredog · December 20, 2013

It happened again. I was looking for a reply and didn't see page 2. I ran a Java check and a Java removal tool and both say I have the latest version.

Can't work it in Firefox but in IE. Why is that?

Would you suggest I go back to Avast instead of AGV? I manually update that at least once a week but more often than not I check it a few times a day.

Depends on how slow the connection is.

flashh4 · December 20, 2013

Avast is the better of the 2 antivirus !! Avast can be set to update automatically !! But i never tell anyone what to run ! I just tell them what i use ! But it is not advisable to run more than 1 antivirus, they fight each other !

Can't work it in Firefox but in IE. Why is that?

May be something is blocking it !! Works in my firefox an all other browsers !!

theredog · December 20, 2013

Alright. The double AGV entry in Codestuff was gone today. I think after I ran ADW Cleaner.

Maybe No Script is blocking java. Who knows. No big deal, they're all loaded again.

Thanks so much for all your help and tolerance. Going to refrain from sniffing around the net for a while now.

flashh4 · December 20, 2013

LOL ...... pleasure Red !

Happy Surfing & Stay Clean !!

Chuck

flashh4 · December 24, 2013

It seems this problem has been solved, i will lock this topic ! If you need this re-opened please PM me or another Mod !

Thanks

Chuck

CNET Freemake video converter installs conduit/won't remove

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites