PDA

View Full Version : mysterious desktop icons probably malware Silverlight and FantasticInst.exe



gogeko34
2014-03-03, 18:09
Thanks so much for providing this opportunity to fix my computer problem with your assistance.

I'm using an old desktop with Windows XP operating system, so I expect it to be a little slow and unable to operate some of the most up to date software, but I'm pretty sure it could function a little faster and better with some help.

Here is what I have experienced:

Mozilla Firefox sometimes will not open at all. I have uninstalled and reinstalled it a couple of times. When it does open it takes a really long time to open (like 5 minutes)

Internet Explore is slow to open and respond. I can't seem to set it up to open sites like Yahoo.com without it blocking the page.

There are a couple of icons on my desktop that I can not remove or uninstall. I found Silverlight and thought I uninstalled it through the Program Manager, but it still appears on my desktop.

I also had an icon for something that looked like a game controller with the words Plug & Play below it but did not find it in my Program Manager. I found the source file and tried to delete it manually, but some form of the icon still appears on the desktop. File is listed as C:\Program Files\FGIcon\FantasticInst.exe

I have had a notice appear frequently that "Software you are installing for this hardware Non-Plug & Play drivers has not passed Windows Logo testing to verify its compatibility with Windows XP. I click the button to stop installing but it continues to attempt to install.

I have run Spybot many times as well as AVG but the problem continues.

I would love to be able to use Windows and Internet Explorer on this computer as my laptop is using a Linux operating system and I am unable to do some things on it due to compatibility with some sites.

I appreciate any help you can provide.

Thanks, Tonia

Juliet
2014-03-03, 21:35
I would love to be able to use Windows and Internet Explorer on this computer as my laptop is using a Linux operating system and I am unable to do some things on it due to compatibility with some sites.
This might become an issue. I can help with windows errors and malware but I am not familiar with Linux at all.


To remove unused desktop icons

1.Open Display in Control Panel.

2.On the Desktop tab, click Customize Desktop.

3.Under Desktop cleanup, click Clean Desktop Now.

4.Follow the directions in the Desktop Cleanup Wizard.

Note
To open Display, click Start, click Control Panel, click Appearance and Themes, and then click Display.


The Desktop Cleanup Wizard displays a list of the desktop icons that have not been used for 60 days or more, enabling you to remove those icons that you don't want on your desktop. You can retrieve icons you have removed by opening the Unused Desktop Shortcuts folder on your desktop.


Clear the Run Desktop Cleanup Wizard every 60 days check box if you don't want the wizard to run automatically every two months.

You can remove an individual desktop icon by right-clicking the icon and then clicking Delete.

To add or remove the icons for My Documents, My Computer, My Network Places, or Internet Explorer, select or clear those items under Desktop icons.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

gogeko34
2014-03-06, 06:01
Thanks so much for your reply. I ran the desktop clean up, installed the programs you suggested and ran the scans. At some point, Windows updated and restarted my computer. Hopefully it doesn't impact the results of the log.

My logs are really long and it appears that I can not post the text in the message. I also have to break them up into smaller files to upload them. If there is another way to get this information to you please let me know.

Sorry for any confusion I may have caused by mentioning the Linux operating system I have on my laptop. It's running fine. I just want to get this Windows operating system working better right now.

Thanks, Tonia

gogeko34
2014-03-06, 06:04
Here are the other logs you requested.

Thanks again.

Tonia

Juliet
2014-03-06, 14:18
I'm posting the logs to make it easier to read for me.

I'll be back after I've had time to research these.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014
Ran by User (administrator) on HOME on 05-03-2014 14:34:49
Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JAKG28F6
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
() C:\Program Files\NetDrive\wdService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Koyote-Lab, inc) C:\Program Files\Settings Alerter\Datamngr\datamngrUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JAKG28F6\FRST[1].exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [437008 2005-12-04] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [461584 2005-12-04] (Microsoft Corporation)
HKLM\...\Run: [pdfFactory Pro Dispatcher v2] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [499712 2006-04-06] (FinePrint Software, LLC)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-11] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-03-02] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] - C:\Program Files\Settings Alerter\Datamngr\datamngrUI.exe [1684016 2013-02-05] (Koyote-Lab, inc)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\runonceex: [] - [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: {63c54ca6-3192-11dd-91b8-000fb53d70e5} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2012-12-20] ()
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\Datamngr\datamngr.dll => C:\PROGRA~1\SETTIN~1\Datamngr\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\Datamngr\IEBHO.dll => C:\PROGRA~1\SETTIN~1\Datamngr\IEBHO.dll File Not Found
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (No File)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={BB0DF854-3FD9-463C-87B5-E3E22F8E6471}&mid=5bb1442fcf05010cec7e7e879cb0efd6-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-05-10 19:23:05&v=14.2.0.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files\PlurPush\PlurPushbho.dll (PlurPush)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.corestaff.com/application/ScriptX.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141696688906
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll No File
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://my.yahoo.com/
FF NetworkProxy: "no_proxies_on", "127.0.0.1,localhost,*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmnqmp07030901.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\nostmp [2012-02-01]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-06-21]
FF Extension: PlurPush - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-02-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-02-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-11]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011-06-09]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-02]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
S2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2002-07-02] ( )
R2 vToolbarUpdater18.0.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-02] (AVG Secure Search)
R2 WebDriveService; C:\Program Files\NetDrive\wdService.exe [94208 2003-03-26] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [659356 2002-10-02] (Avance Logic, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2002-08-29] (ADMtek Incorporated.)
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-03-02] (AVG Technologies)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [12928 2005-10-16] (Bo Brantén)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15890 2006-03-10] (Meetinghouse Data Communications)
S3 MLFILEM; C:\WINDOWS\system32\drivers\MLFILEM.SYS [28288 2004-06-04] (Sysinternals - www.sysinternals.com)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [197152 2002-09-24] ( )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1807568 2002-07-02] ( )
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [161976 2002-07-02] ( )
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [418720 2002-07-02] ( )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [84720 2002-07-02] ( )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2002-07-02] (Vireo Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2008-11-01] ()
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-01-03] (EnTech Taiwan)
R2 WebDriveFSD; C:\Program Files\NetDrive\rffsd.sys [67032 2002-11-27] ()
R1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [91390 2002-07-31] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [71258 2002-07-31] (Intel Corporation)
S3 AR5523; system32\DRIVERS\wg11tnd5.sys [X]
S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S4 RFNP32; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 14:34 - 2014-03-05 14:34 - 00000000 ____D () C:\FRST
2014-03-05 14:18 - 2014-03-05 14:24 - 00213888 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-05 13:47 - 2014-03-05 13:47 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
2014-03-05 12:51 - 2014-03-05 12:36 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
2014-03-05 12:36 - 2014-03-02 18:39 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
2014-03-05 12:24 - 2014-03-05 12:24 - 00002067 _____ () C:\Documents and Settings\User\Desktop\aswMBR.txt
2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-05 11:53 - 2014-03-05 11:53 - 00014985 ____C () C:\Documents and Settings\User\Desktop\attach.txt
2014-03-05 11:53 - 2014-03-05 11:52 - 00015852 _____ () C:\Documents and Settings\User\Desktop\dds.txt
2014-03-05 11:49 - 2014-03-05 12:47 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-03 11:20 - 2014-03-03 11:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\ParetoLogic
2014-03-03 11:20 - 2014-03-03 11:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DriverCure
2014-03-03 11:15 - 2014-03-03 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-03-03 10:02 - 2014-03-03 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-02 19:58 - 2014-03-03 13:14 - 00072877 _____ () C:\WINDOWS\setupapi.log
2014-03-02 18:39 - 2013-04-06 18:27 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140302-183920.backup
2014-03-02 15:49 - 2014-03-05 12:42 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-01 21:54 - 2014-03-01 21:54 - 00862120 _____ (Download Manager ) C:\Documents and Settings\User\Desktop\java(1).exe
2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
2014-03-01 21:52 - 2014-03-01 21:52 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-01 21:50 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\PlurPush
2014-03-01 21:49 - 2014-03-02 19:57 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-01 21:09 - 2014-03-01 21:12 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-01 20:24 - 2014-03-01 20:25 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-01 18:51 - 2014-03-01 18:52 - 00009419 _____ () C:\WINDOWS\KB2914368.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-01 18:08 - 2014-03-01 20:43 - 00011995 _____ () C:\WINDOWS\KB2916036.log
2014-03-01 18:08 - 2014-03-01 18:50 - 00016197 _____ () C:\WINDOWS\KB2898715.log
2014-03-01 18:08 - 2014-03-01 18:45 - 00013778 _____ () C:\WINDOWS\KB2868626.log
2014-03-01 18:07 - 2014-03-01 18:48 - 00015700 _____ () C:\WINDOWS\KB2893984.log
2014-03-01 18:07 - 2014-03-01 18:47 - 00014503 _____ () C:\WINDOWS\KB2893294.log
2014-03-01 18:07 - 2014-03-01 18:46 - 00014365 _____ () C:\WINDOWS\KB2876331.log
2014-03-01 18:07 - 2014-03-01 18:43 - 00012789 _____ () C:\WINDOWS\KB2862152.log
2014-03-01 18:04 - 2014-03-01 18:48 - 00014515 _____ () C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-03-05 14:36 - 2012-05-06 20:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-05 14:34 - 2014-03-05 14:34 - 00000000 ____D () C:\FRST
2014-03-05 14:24 - 2014-03-05 14:18 - 00213888 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-05 13:56 - 2010-01-06 14:29 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 13:47 - 2014-03-05 13:47 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
2014-03-05 13:11 - 2006-03-12 13:11 - 00000340 _____ () C:\WINDOWS\Tasks\HP Usg Daily.job
2014-03-05 12:47 - 2014-03-05 11:49 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-05 12:46 - 2010-01-06 14:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 12:46 - 2002-12-24 06:29 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-05 12:43 - 2006-03-06 20:58 - 01437880 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-05 12:42 - 2014-03-02 15:49 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-05 12:42 - 2002-12-23 23:37 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-05 12:41 - 2002-12-24 07:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-05 12:41 - 2002-12-23 23:37 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-05 12:40 - 2012-12-30 15:25 - 00014010 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-05 12:39 - 2006-03-06 18:39 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-03-05 12:36 - 2014-03-05 12:51 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
2014-03-05 12:24 - 2014-03-05 12:24 - 00002067 _____ () C:\Documents and Settings\User\Desktop\aswMBR.txt
2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-05 11:53 - 2014-03-05 11:53 - 00014985 ____C () C:\Documents and Settings\User\Desktop\attach.txt
2014-03-05 11:52 - 2014-03-05 11:53 - 00015852 _____ () C:\Documents and Settings\User\Desktop\dds.txt
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-05 11:21 - 2008-07-23 11:17 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B35155B-B273-4F78-A4C9-B3AD29E35858}.job
2014-03-05 10:45 - 2011-04-22 12:25 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
2014-03-03 13:14 - 2014-03-02 19:58 - 00072877 _____ () C:\WINDOWS\setupapi.log
2014-03-03 12:59 - 2014-03-03 11:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-03-03 11:30 - 2006-03-06 18:39 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
2014-03-03 11:23 - 2002-12-24 07:43 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-03-03 11:22 - 2007-07-09 11:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-03-03 11:20 - 2014-03-03 11:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\ParetoLogic
2014-03-03 11:20 - 2014-03-03 11:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DriverCure
2014-03-03 10:02 - 2014-03-03 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-03 09:53 - 2011-04-22 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-02 22:57 - 2013-02-23 14:11 - 00000000 ____D () C:\Program Files\Settings Alerter
2014-03-02 21:23 - 2011-09-27 11:30 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-03-02 21:23 - 2011-09-27 11:30 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-02 21:22 - 2012-09-05 09:44 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-02 21:22 - 2011-12-08 17:31 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-02 21:22 - 2011-12-08 17:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-03-02 19:57 - 2014-03-01 21:49 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-02 19:57 - 2006-03-10 13:07 - 00003503 _____ () C:\WINDOWS\wininit.ini
2014-03-02 18:39 - 2014-03-05 12:36 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
2014-03-02 18:33 - 2006-10-08 18:00 - 00000000 ____D () C:\Program Files\Java
2014-03-02 18:21 - 2006-03-22 16:42 - 00000000 ____D () C:\WINDOWS\Corel
2014-03-02 18:00 - 2011-03-24 22:37 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-03-02 18:00 - 2008-09-29 19:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-02 17:50 - 2006-03-15 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-03-02 17:24 - 2007-11-10 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Program Files\Google
2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-03-01 21:59 - 2012-06-20 15:22 - 00859072 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-03-01 21:59 - 2010-12-08 23:57 - 00779704 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-03-01 21:54 - 2014-03-01 21:54 - 00862120 _____ (Download Manager ) C:\Documents and Settings\User\Desktop\java(1).exe
2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
2014-03-01 21:52 - 2014-03-01 21:52 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-01 21:51 - 2014-03-01 21:50 - 00000000 ____D () C:\Program Files\PlurPush
2014-03-01 21:30 - 2013-02-09 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 21:12 - 2014-03-01 21:09 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-03-01 21:12 - 2009-06-24 22:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-01 21:12 - 2006-03-06 23:59 - 00482093 _____ () C:\WINDOWS\updspapi.log
2014-03-01 21:12 - 2002-12-23 23:35 - 03283003 _____ () C:\WINDOWS\FaxSetup.log
2014-03-01 21:12 - 2002-12-23 23:35 - 01270282 _____ () C:\WINDOWS\tsoc.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00621392 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00518548 _____ () C:\WINDOWS\iis6.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00166046 _____ () C:\WINDOWS\ocmsn.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00165529 _____ () C:\WINDOWS\msgsocm.log
2014-03-01 21:09 - 2013-10-20 20:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-01 20:49 - 2002-12-23 23:34 - 00570014 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-01 20:43 - 2014-03-01 18:08 - 00011995 _____ () C:\WINDOWS\KB2916036.log
2014-03-01 20:43 - 2002-12-23 23:35 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-03-01 20:25 - 2014-03-01 20:24 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-01 19:44 - 2012-05-06 20:18 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
2014-03-01 19:28 - 2012-05-06 20:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-01 19:28 - 2011-08-20 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-01 19:19 - 2002-12-23 23:34 - 00220840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-01 18:52 - 2014-03-01 18:51 - 00009419 _____ () C:\WINDOWS\KB2914368.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-01 18:51 - 2007-02-16 00:30 - 00894282 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-01 18:50 - 2014-03-01 18:08 - 00016197 _____ () C:\WINDOWS\KB2898715.log
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-01 18:48 - 2014-03-01 18:07 - 00015700 _____ () C:\WINDOWS\KB2893984.log
2014-03-01 18:48 - 2014-03-01 18:04 - 00014515 _____ () C:\WINDOWS\KB2892075.log
2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-01 18:47 - 2014-03-01 18:07 - 00014503 _____ () C:\WINDOWS\KB2893294.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-01 18:46 - 2014-03-01 18:07 - 00014365 _____ () C:\WINDOWS\KB2876331.log
2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-01 18:45 - 2014-03-01 18:08 - 00013778 _____ () C:\WINDOWS\KB2868626.log
2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-01 18:43 - 2014-03-01 18:07 - 00012789 _____ () C:\WINDOWS\KB2862152.log
2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-01 17:18 - 2006-03-10 11:10 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-02-06 03:54 - 2006-11-07 03:26 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2002-12-24 06:28 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-15 16:32 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2010-06-10 05:02 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2009-06-24 22:55 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2009-06-24 22:55 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2007-05-08 19:14 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2007-05-08 19:14 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2007-05-08 19:14 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2007-05-08 19:14 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 03:27 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2006-10-17 12:05 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2006-10-17 12:05 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2006-10-17 12:05 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2006-10-17 12:04 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2006-09-18 09:15 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2006-05-19 10:08 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2006-05-10 00:22 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2006-05-10 00:22 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2005-11-22 16:49 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2005-10-21 12:51 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2005-10-21 12:51 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2002-12-24 06:29 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2002-12-24 06:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2002-12-24 06:28 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2002-12-24 06:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2006-03-07 00:38 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-04 19:09 - 2006-03-06 23:59 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Juliet
2014-03-06, 14:20
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2014
Ran by User at 2014-03-05 14:36:44
Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JAKG28F6
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

56Kbps Internal Modem (HKLM\...\SLAMRNTV) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avance AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.3705 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.0.248 - AVG Technologies)
CCScore (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DigitImg (Version: 2.00.0000 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.8.2 - )
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESSBrwr (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 5.03.0000.0301 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
ESShelp (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
ESSini (Version: 5.03.0000.0201 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 5.03.0000.0008 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 5.3.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
essvcpt (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HLPPDOCK (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Intel(R) 82845G Graphics Driver Software (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
K-Lite Codec Pack 8.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
KSU (Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
LiveUpdate 2.0 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.0.39.0 - Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 5.5 (HKLM\...\{EBC91840-41E1-4CC3-AC11-0B889546223C}) (Version: 5.50.661.0 - Microsoft)
Microsoft IntelliType Pro 5.5 (HKLM\...\{F02CF4B0-05EC-4938-A8D2-F739AF3B4363}) (Version: 5.50.661.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (HKLM\...\{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}) (Version: 6.5.7651.60 - Microsoft)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
MoodLogic Service (HKLM\...\MoodLogic Service) (Version: - MoodLogic)
Move Networks Player for Firefox (HKLM\...\Move Player_is1) (Version: - Move Networks)
Movie Download Manager (HKCU\...\DownloadCoach) (Version: - )
Mozilla Firefox 19.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Keyboard Driver Ver1.0 (KB-0108) (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version: - )
NetDrive (HKLM\...\NetDrive) (Version: - )
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
Notifier (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (Version: 5.03.0000.0302 - EASTMAN KODAK Company) Hidden
OTtBP (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
OTtBPSDK (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: - )
Photosmart 140,240,7200,7600,7700,7900 Series (HKLM\...\{45B6180B-DCAB-4093-8EE8-6164457517F0}) (Version: 2.0 - Hewlett-Packard)
PS7700 (Version: 1.00.0000 - Hewlett-Packard) Hidden
PSShortcuts (Version: 1.00.0000 - Hewlett-Packard) Hidden
PSUsage (Version: 1.20.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden
SFR (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SFR2 (Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
SHASTA (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
SKIN0001 (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.0 - Safer Networking Limited)
staticcr (Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
VPRINTOL (Version: 5.03.0000.0101 - EASTMAN KODAK Company) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version: - )
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Defender Signatures (Version: 1.20.1459.12 - Microsoft Corporation) Hidden
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WIRELESS (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
WordPerfect Office 2002 Professional (HKLM\...\WordPerfect Office 2002 Professional) (Version: - )
WordPerfect Office 2002 Professional (Version: 10 - Corel) Hidden

==================== Restore Points =========================

01-03-2014 23:39:34 Software Distribution Service 3.0
02-03-2014 01:06:33 Software Distribution Service 3.0
02-03-2014 02:59:32 Installed Java 7 Update 10
02-03-2014 03:20:37 Software Distribution Service 3.0
02-03-2014 22:11:56 Removed Apple Application Support
02-03-2014 22:16:31 Removed Apple Mobile Device Support
02-03-2014 22:19:49 Removed Apple Software Update
02-03-2014 22:37:56 Removed iTunes
02-03-2014 22:51:09 Removed OneClickdigital Media Manager.
02-03-2014 22:58:25 Removed OpenOffice.org 3.3
02-03-2014 23:03:10 Removed OverDrive Media Console
02-03-2014 23:22:21 Removed Java 7 Update 10
02-03-2014 23:27:23 Removed Bonjour
02-03-2014 23:29:26 Removed Java(TM) 6 Update 2
02-03-2014 23:31:28 Removed Java(TM) 6 Update 22
02-03-2014 23:33:13 Removed Java(TM) 6 Update 3
02-03-2014 23:34:27 Removed Java(TM) 6 Update 33
03-03-2014 02:03:01 Software Distribution Service 3.0
03-03-2014 03:56:00 Removed Microsoft Silverlight
03-03-2014 05:22:03 Software Distribution Service 3.0
03-03-2014 18:14:30 Software Distribution Service 3.0
05-03-2014 15:55:03 System Checkpoint

==================== Hosts content: ==========================

2002-12-24 06:28 - 2014-03-05 12:51 - 00451108 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1800searchonline.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY365110DR7F.job => C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
Task: C:\WINDOWS\Tasks\HP Usg Daily.job => C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B35155B-B273-4F78-A4C9-B3AD29E35858}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2006-09-13 19:09 - 2003-04-14 15:11 - 00503808 _____ () C:\WINDOWS\system32\RFHelper.dll
2006-09-13 19:09 - 2001-08-23 08:24 - 00032768 _____ () C:\WINDOWS\system32\rfhres.dll
2014-01-27 15:45 - 2014-01-27 15:45 - 00546112 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
2006-09-13 19:09 - 2003-03-26 11:52 - 00094208 _____ () C:\Program Files\NetDrive\wdService.exe
2014-03-02 21:22 - 2014-03-02 21:22 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2014-03-02 21:22 - 2014-03-02 21:22 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2011-09-27 11:30 - 2014-03-02 21:23 - 02552856 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2008-08-11 13:59 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
2008-08-11 13:59 - 2008-03-04 14:52 - 00790392 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
2008-08-11 13:59 - 2008-03-05 09:34 - 00795520 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
2008-08-11 13:59 - 2008-02-26 11:04 - 00717176 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
2007-06-16 12:23 - 2007-12-24 01:05 - 00121344 _____ () C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk => C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk => C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk => C:\WINDOWS\pss\Google Updater.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111T Smart Wizard.lnk => C:\WINDOWS\pss\NETGEAR WG111T Smart Wizard.lnkCommon Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: CHotkey => mHotkey.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
MSCONFIG\startupreg: HPHmon05 => C:\WINDOWS\system32\hphmon05.exe
MSCONFIG\startupreg: HPHUPD05 => C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MoodLogic Service => C:\Program Files\MoodLogic\Service\MLService.exe
MSCONFIG\startupreg: MoodLogic Updater => C:\Program Files\MoodLogic\Service\Updater.exe
MSCONFIG\startupreg: pdfFactory Pro Dispatcher v2 => "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
MSCONFIG\startupreg: SNM => C:\Program Files\SpyNoMore\SNM.exe /startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: Uniblue RegistryBooster 2 => C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
MSCONFIG\startupreg: vptray => C:\PROGRA~1\SYMANT~1\VPTray.exe
MSCONFIG\startupreg: WebDriveTray => C:\Program Files\NetDrive\netdrive.exe /trayicon
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 10:02:31 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (03/03/2014 10:02:31 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (03/03/2014 00:02:20 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (03/02/2014 11:42:14 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/02/2014 11:37:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (03/02/2014 11:37:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (03/02/2014 07:59:16 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (03/02/2014 07:59:15 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (03/02/2014 06:19:11 PM) (Source: MsiInstaller) (User: HOME)
Description: Product: WordPerfect Office 2002 Professional -- Error 1327.Invalid Drive: H:\

Error: (03/02/2014 05:49:46 PM) (Source: MsiInstaller) (User: HOME)
Description: Product: HLPPDOCK -- Error 1327.Invalid Drive: H:\


System errors:
=============
Error: (03/05/2014 02:18:04 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2014 02:18:04 PM) (Source: Service Control Manager) (User: )
Description: The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2014 11:50:57 AM) (Source: Service Control Manager) (User: )
Description: The SmartLinkService service has reported an invalid current state 0.

Error: (03/05/2014 10:38:28 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (03/03/2014 09:47:00 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (03/02/2014 10:56:42 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/02/2014 10:56:42 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/02/2014 10:56:42 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/02/2014 10:56:42 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/02/2014 10:56:42 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (03/03/2014 10:02:31 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/03/2014 10:02:31 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/03/2014 00:02:20 AM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (03/02/2014 11:42:14 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/02/2014 11:37:24 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/02/2014 11:37:24 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/02/2014 07:59:16 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/02/2014 07:59:15 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (03/02/2014 06:19:11 PM) (Source: MsiInstaller)(User: HOME)
Description: Product: WordPerfect Office 2002 Professional -- Error 1327.Invalid Drive: H:\(NULL)(NULL)(NULL)

Error: (03/02/2014 05:49:46 PM) (Source: MsiInstaller)(User: HOME)
Description: Product: HLPPDOCK -- Error 1327.Invalid Drive: H:\(NULL)(NULL)(NULL)

Juliet
2014-03-06, 16:15
Lot of infection on the machine.

Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JAKG28F6

You ran the tool out of the temp folder. We need to download Farbar Recovery Scan Tool again and make sure it's placed on your desktop.

Firefox
you press the orange Firefox button in the top left corner >> Options
Beneath where it shows homepage, click on save files to desktop

Chrome --
Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop

Change IE Default "Save" Download Location in Download Manager
Open IE9, IE10, or IE11.
Click/tap on the gear icon in the upper right corner, then click/tap on View downloads.
You could also press CTRL + J instead.
Click/tap on the Options button, Click/tap on the Browse button. Navigate to and select (highlight) the folder (Desktop) that you want IE9 or IE10 to use as the default download location, then click on the Select Folder button.
Click/tap on OK.
Click/tap on Close.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))

After you have the FRST icon on your desktop, place the below fix.txt beside it. Open FRST and click on the Fix button.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: {63c54ca6-3192-11dd-91b8-000fb53d70e5} - G:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files\PlurPush\PlurPushbho.dll (PlurPush)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchEngineOrder.1: Web Search
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\web-search.xml
FF Extension: PlurPush - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011-06-09]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
2014-03-02 15:49 - 2014-03-05 12:42 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-01 21:52 - 2014-03-01 21:52 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-01 21:50 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\PlurPush
2014-03-01 21:49 - 2014-03-02 19:57 - 00000000 ____D () C:\Program Files\SearchProtect
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden
AlternateDataStreams: C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.



Please post:
Fixlog.txt
C:\AdwCleaner[S1].txt
JRT.txt

gogeko34
2014-03-07, 01:12
When I clicked on the link to download adwcleaner some kind of zip file installed and now I have a bunch more junk on my computer and on my IE toolbar...

I installed adwcleaner through CNET instead. I'm a mess...

Here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-03-2014
Ran by User at 2014-03-06 16:47:23 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: {63c54ca6-3192-11dd-91b8-000fb53d70e5} - G:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files\PlurPush\PlurPushbho.dll (PlurPush)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchEngineOrder.1: Web Search
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\web-search.xml
FF Extension: PlurPush - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011-06-09]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
2014-03-02 15:49 - 2014-03-05 12:42 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-01 21:52 - 2014-03-01 21:52 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-01 21:50 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\PlurPush
2014-03-01 21:49 - 2014-03-02 19:57 - 00000000 ____D () C:\Program Files\SearchProtect
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden
AlternateDataStreams: C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
Reboot:
end

*****************

[1932] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe => Process closed successfully.
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1266927252-1395366336-781762406-1005 => Key not found.
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63c54ca6-3192-11dd-91b8-000fb53d70e5} => Key deleted successfully.
HKCR\CLSID\{63c54ca6-3192-11dd-91b8-000fb53d70e5} => Key not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully.
HKCR\CLSID\{82249076-d5c8-431d-982b-023779779587} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\web-search.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com => Value deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} => Value deleted successfully.
Level Quality Watcher => Service deleted successfully.
C:\Program Files\SavingsBull => Moved successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.

"C:\Program Files\PlurPush" directory move:

Could not move "C:\Program Files\PlurPush\PlurPushBHO.dll" => Scheduled to move on reboot.
C:\Program Files\PlurPush\updatePlurPush.exe => Moved successfully.
Could not move "C:\Program Files\PlurPush" directory. => Scheduled to move on reboot.

C:\Program Files\SearchProtect => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Level Quality Watcher\\SystemComponent => Value not found.
C:\WINDOWS\AIM.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\emachines_32.bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\encarta.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\ICQ.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\Netscape.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\Winamp1.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\OemLinkIcon.ico => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\WINDOWS\system32\OEMLOGO.BMP => ":Q30lsldxJoudresxAaaqpcawXc" ADS removed successfully.
C:\WINDOWS\system32\OEMLOGO.BMP => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":CAAA7DD7" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-06 16:55:07)<=

C:\Program Files\PlurPush\PlurPushBHO.dll => Is moved successfully.
C:\Program Files\PlurPush => Moved successfully.

==== End of Fixlog ====

gogeko34
2014-03-07, 01:16
# AdwCleaner v3.020 - Report created 06/03/2014 at 17:28:06
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - HOME
# Running from : C:\Documents and Settings\User\Local Settings\Temp\dlmD.tmp\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\All Users\Desktop\Advanced System Protector.lnk
File Found : C:\Documents and Settings\All Users\Desktop\Advanced System Protector.lnk
File Found : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Found : C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\conduit-search.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\user.js
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\WebSearch.xml
File Found : C:\WINDOWS\system32\roboot.exe
File Found : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
File Found : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
Folder Found C:\DOCUME~1\User\LOCALS~1\Temp\AirInstaller
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Documents and Settings\All Users\Application Data\wincert
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Protector
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro
Folder Found C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\User\Application Data\DigitalSites
Folder Found C:\Documents and Settings\User\Application Data\DriverCure
Folder Found C:\Documents and Settings\User\Application Data\Mysearchdial
Folder Found C:\Documents and Settings\User\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\User\Application Data\ShopperReports3
Folder Found C:\Documents and Settings\User\Application Data\Systweak
Folder Found C:\Documents and Settings\User\Application Data\Toolbar4
Folder Found C:\Documents and Settings\User\Application Data\uniblue
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
Folder Found C:\Program Files\Advanced System Protector
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Mysearchdial
Folder Found C:\Program Files\openit
Folder Found C:\Program Files\RegClean Pro
Folder Found C:\Program Files\SearchProtect
Folder Found C:\Program Files\ShopperReports3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SETTIN~1\Datamngr\datamngr.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SETTIN~1\Datamngr\IEBHO.dll
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\CompeteInc
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\ShopperReports3
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BRNstIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\CmndFF.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\mozillaps.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\Pltfrm.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{09325003-167C-483D-A4BA-8B3122ABB432}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{396CFC12-932D-496B-A0A8-5D7201E105E1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DD76B7B-6423-4DF0-9A07-84A6CAD973A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74C22317-5B90-471F-9AD2-FEC049870A16}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6CFB6A-9227-4BB8-B941-F2B067E76F51}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AB0EE208-DF60-4FA7-A617-C4269760033E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC7BD6F1-565C-47CE-A5BB-9C935E77B59D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC16189-8A92-4A29-A940-60248385F426}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DEE758B4-C3FB-4A5B-9939-848B9C77A2FB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E12AEAB6-7D12-4C07-8E36-5892EFB4DAFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2F2C137-A782-4FB5-81AF-086156F5EB0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3A32DF2-7413-4FB1-B575-1AC920A17B76}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.CntntDic
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.CntntDic.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.CntntDisp
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.CntntDisp.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbAx
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbAx.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.IEButton
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.IEButton.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.KOPFF
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.KOPFF.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.ReportData
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.ReportData.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Scopes
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Scopes.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Stock
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.Stock.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay
Key Found : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\mysearchdial
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\ShopperReports3
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RDReminder]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [systweakasp]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [ShopperReports 3.0.517.0]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Advanced System Protector_Startup]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&SSPV=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtDyEyD0Azz0E0FzzyCzy0Azy0D0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByC0EzztBzy0C0FtG0ByDtAyBtGtBtD0FyCtGzyzyzzyEtGyD0BzzyCtB0AyDyD0F0CyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtD0D0CyCzzyByEtG0BtA0A0CtGzy0CyBtDtGtDtBtDtAtGtAyEyD0EtB0BtB0BzytB0Ezy2Q&cr=1830075973&ir=

-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\prefs.js ]

Line Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.outfox.tv/?referid=150|hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-7029988[...]
Line Found : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E");

*************************

AdwCleaner[R0].txt - [30944 octets] - [06/03/2014 17:28:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [31005 octets] ##########

gogeko34
2014-03-07, 01:19
# AdwCleaner v3.020 - Report created 06/03/2014 at 17:41:23
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - HOME
# Running from : C:\Documents and Settings\User\Local Settings\Temp\dlmD.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wincert
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Mysearchdial
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\ShopperReports3
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\DigitalSites
Folder Deleted : C:\Documents and Settings\User\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\User\Application Data\Mysearchdial
Folder Deleted : C:\Documents and Settings\User\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\User\Application Data\ShopperReports3
Folder Deleted : C:\Documents and Settings\User\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\User\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\User\Application Data\uniblue
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Documents and Settings\All Users\Desktop\Advanced System Protector.lnk
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Deleted : C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\conduit-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\WebSearch.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\user.js
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RDReminder]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [systweakasp]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BRNstIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CmndFF.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\mozillaps.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Pltfrm.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.CntntDic
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.CntntDic.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.CntntDisp
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.CntntDisp.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbAx
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbAx.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.IEButton
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.IEButton.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.KOPFF
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.KOPFF.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.ReportData
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.ReportData.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Scopes
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Scopes.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Stock
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Stock.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [ShopperReports 3.0.517.0]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Advanced System Protector_Startup]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09325003-167C-483D-A4BA-8B3122ABB432}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{396CFC12-932D-496B-A0A8-5D7201E105E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DD76B7B-6423-4DF0-9A07-84A6CAD973A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74C22317-5B90-471F-9AD2-FEC049870A16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6CFB6A-9227-4BB8-B941-F2B067E76F51}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AB0EE208-DF60-4FA7-A617-C4269760033E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC7BD6F1-565C-47CE-A5BB-9C935E77B59D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC16189-8A92-4A29-A940-60248385F426}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DEE758B4-C3FB-4A5B-9939-848B9C77A2FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E12AEAB6-7D12-4C07-8E36-5892EFB4DAFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2F2C137-A782-4FB5-81AF-086156F5EB0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3A32DF2-7413-4FB1-B575-1AC920A17B76}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\ShopperReports3
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\ShopperReports3
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SETTIN~1\Datamngr\datamngr.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SETTIN~1\Datamngr\IEBHO.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.outfox.tv/?referid=150|hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-7029988[...]
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E");

*************************

AdwCleaner[R0].txt - [31086 octets] - [06/03/2014 17:28:06]
AdwCleaner[S0].txt - [31101 octets] - [06/03/2014 17:41:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31162 octets] ##########

gogeko34
2014-03-07, 01:20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Thu 03/06/2014 at 17:56:51.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] qknfd
Successfully stopped: [Service] qksvc
Successfully deleted: [Service] qksvc



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\system32\drivers\qknfd.sys"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\quiknowledge"



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"
Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com
Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\prefs.js

user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"203\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" i=\"1342\" /><s u=\".hop.cl
user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\br7jorsi.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/06/2014 at 18:05:48.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-03-07, 02:29
That took out a chunk.

After you run the below scan give me an update on how the computer is at the moment.


http://www.malwarebytes.org/forums/style_images/1/bf_new.gif Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

gogeko34
2014-03-08, 01:31
Juliet,

I really appreicate your help with my computer. You have been so quick to respond and I value both your time and your knowledge.

As I mentioned previously some stuff installed on my computer when I tried to install adwcleaner a zip file with a bunch of programs installed instead. I think I was able to remove most of the stuff using the control panel remove software function, but this pesky program called outfox tv is still there and I can not remove it. It has installed a side bar on my desktop and taken over my homepage on IE.

Anyway, Here is the MBAM Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: HOME [administrator]

3/7/2014 4:10:02 PM
mbam-log-2014-03-07 (16-10-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322844
Time elapsed: 1 hour(s), 38 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F213853A-D221-4C97-8A4B-7E0AC63F31A1} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKCR\Interface\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63A20A19-B1E6-4355-AB4C-28553AF40CA2} (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63A20A19-B1E6-4355-AB4C-28553AF40CA2} (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QUIKNOWLEDGE (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKLM\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790677B676555736AD91 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Quiknowledge|ie-ver (PUP.Optional.Quiknowledge.A) -> Data: 8.0.6001.18702 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 40
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\java(1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nsc25.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nsk2A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nsl2D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nst22.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\is1590112554\655978_stp\quiknowledge-setup-1.9.0.1.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\is1590112554\656068_stp\rcpsetup_adppi12_adppi12.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\is826640\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\nsi1D\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\PlurPushBHO.dll06-03-2014_16-47-58 (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\updatePlurPush.exe06-03-2014_16-47-58 (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\Level Quality Watcher06-03-2014_16-47-51\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1477\A0216700.exe (PUP.Optional.WeatherAlerts.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1489\A0218461.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0218693.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0218702.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219146.sys (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219147.dll (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219148.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1494\A0219149.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219183.dll (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219185.exe (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1496\A0219186.exe (PUP.Optional.Jotzey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{87AA2578-EB92-4191-B9A7-40179941DF37}\RP1497\A0219315.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.

(end)

Juliet
2014-03-08, 02:19
From a scan on the previous page it was found, and supposedly deleted.

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.outfox.tv/?referid=150|hxxp://search.conduit.com/?ctid=CT3324790&

Let's try a couple of things




Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
outfox.tv
:filefind
outfox.tv
:regfind
outfox.tv
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Juliet
2014-03-08, 02:22
As I mentioned previously some stuff installed on my computer when I tried to install adwcleaner a zip file with a bunch of programs installed instead.
I meant to ask, what site did you download this from?

gogeko34
2014-03-08, 03:26
I clicked on the link to adware (bleepingcomputer.com site) and clicked on the first blue box with the arrow next to it which opened another page with a zipextractor program. Once I opened that a bunch of stuff installed. I guess I clicked on the wrong box? Anyway, here is the log from system look:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:06 on 07/03/2014 by User
Administrator - Elevation successful

========== folderfind ==========

Searching for "outfox.tv"
No folders found.

========== filefind ==========

Searching for "outfox.tv"
No files found.

========== regfind ==========

Searching for "outfox.tv"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.outfox.tv/?referid=150"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutfoxTV]
"URLInfoAbout"="http://www.outfox.tv/"
[HKEY_USERS\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]

-= EOF =-

gogeko34
2014-03-08, 04:21
Outfox tv still showing up on my start menu and outfox tv side bar is still on my desk top. I also tried to delete it as my homepage on IE but even after restarting my computer it re established as my homepage. Something must be hiding in my computer still.

Pesky program...

I'll keep waiting for your instructions.

Thanks so much Juliet

Juliet
2014-03-08, 05:16
Download OTM by OldTimer Here (http://oldtimer.geekstogo.com/OTM.exe) & save it to your desktop.
Double click on OTM.exe to run it
Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutfoxTV]
[-HKEY_USERS\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Internet Explorer\DOMStorage\outfox.tv]
:Commands
[emptytemp]
[Reboot]
Click on MoveIt!
When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Let's see if this does any good.

~~~~~~~~~~~~~~~~~~~
Next
Please open farbar-recovery-scan-tool


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

gogeko34
2014-03-08, 19:16
I opened OTM and pasted the text into move it and it ran but then my screen changed over to my old wallpaper before I cleaned my desktop (picture of my cats). I never had the opportunity to exit and had to reboot my computer to access the desktop files again.

I ran farbar and it produced one log (as far as I can tell)

Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
Ran by User (administrator) on HOME on 08-03-2014 11:59:02
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTvService.exe
( ) C:\WINDOWS\system32\slserv.exe
() C:\Program Files\NetDrive\wdService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(FinePrint Software, LLC) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Outfox Tv Productions Pty Ltd) C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [437008 2005-12-04] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [461584 2005-12-04] (Microsoft Corporation)
HKLM\...\Run: [pdfFactory Pro Dispatcher v2] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [499712 2006-04-06] (FinePrint Software, LLC)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-11] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\runonceex: [] - [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [326032 2014-01-28] (Outfox Tv Productions Pty Ltd)
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=150
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.corestaff.com/application/ScriptX.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141696688906
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} http://static1.meetupstatic.com/applet/MeetUploader5.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll No File
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmnqmp07030901.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\nostmp [2012-02-01]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-06-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-02-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010-02-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [312720 2014-01-29] (Outfox Tv Productions Pty Ltd)
R2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2002-07-02] ( )
R2 WebDriveService; C:\Program Files\NetDrive\wdService.exe [94208 2003-03-26] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 vToolbarUpdater18.0.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [659356 2002-10-02] (Avance Logic, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2002-08-29] (ADMtek Incorporated.)
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-03-02] (AVG Technologies)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [12928 2005-10-16] (Bo Brantén)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15890 2006-03-10] (Meetinghouse Data Communications)
S3 MLFILEM; C:\WINDOWS\system32\drivers\MLFILEM.SYS [28288 2004-06-04] (Sysinternals - www.sysinternals.com)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [197152 2002-09-24] ( )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1807568 2002-07-02] ( )
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [161976 2002-07-02] ( )
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [418720 2002-07-02] ( )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [84720 2002-07-02] ( )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2002-07-02] (Vireo Software)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2008-11-01] ()
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-01-03] (EnTech Taiwan)
R2 WebDriveFSD; C:\Program Files\NetDrive\rffsd.sys [67032 2002-11-27] ()
R1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [91390 2002-07-31] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [71258 2002-07-31] (Intel Corporation)
S3 AR5523; system32\DRIVERS\wg11tnd5.sys [X]
S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
S4 RFNP32; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 11:59 - 2014-03-08 11:59 - 00017671 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-08 11:37 - 2014-03-08 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\_OTM
2014-03-07 20:06 - 2014-03-07 20:14 - 00001578 _____ () C:\Documents and Settings\User\Desktop\SystemLook.txt
2014-03-07 20:03 - 2014-03-07 20:04 - 00139264 _____ () C:\Documents and Settings\User\Desktop\SystemLook.exe
2014-03-07 16:04 - 2014-03-07 16:04 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-07 16:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-07 15:56 - 2014-03-07 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-06 17:56 - 2014-03-06 17:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 17:31 - 2014-03-06 17:31 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Downloaded Installers
2014-03-06 17:27 - 2014-03-06 17:43 - 00000000 ____D () C:\AdwCleaner
2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
2014-03-06 17:04 - 2014-03-07 21:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
2014-03-06 17:03 - 2012-07-25 12:03 - 00017136 _____ () C:\WINDOWS\system32\sasnative32.exe
2014-03-06 17:02 - 2014-03-07 21:01 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-06 17:00 - 2014-03-06 17:00 - 01037734 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-03-06 16:33 - 2014-03-06 16:37 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-05 22:51 - 2014-03-05 22:51 - 00010663 ____C () C:\Rkill1.txt
2014-03-05 22:46 - 2014-03-05 22:46 - 00038874 ____C () C:\Rkill4.txt
2014-03-05 22:46 - 2014-03-05 22:43 - 00035407 ____C () C:\Rkill3.txt
2014-03-05 22:39 - 2014-03-05 22:51 - 00043974 ____C () C:\Rkill2.txt
2014-03-05 14:34 - 2014-03-08 11:59 - 00000000 ____D () C:\FRST
2014-03-05 14:18 - 2014-03-05 14:24 - 00213888 ____C () C:\Rkill.txt
2014-03-05 13:47 - 2014-03-07 21:05 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
2014-03-05 12:51 - 2014-03-05 12:36 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
2014-03-05 12:36 - 2014-03-02 18:39 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-05 11:49 - 2014-03-05 12:47 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-02 19:58 - 2014-03-08 11:36 - 00219093 _____ () C:\WINDOWS\setupapi.log
2014-03-02 18:39 - 2013-04-06 18:27 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140302-183920.backup
2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
2014-03-01 21:09 - 2014-03-01 21:12 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-01 20:24 - 2014-03-01 20:25 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-01 18:51 - 2014-03-01 18:52 - 00009419 _____ () C:\WINDOWS\KB2914368.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-01 18:08 - 2014-03-01 20:43 - 00011995 _____ () C:\WINDOWS\KB2916036.log
2014-03-01 18:08 - 2014-03-01 18:50 - 00016197 _____ () C:\WINDOWS\KB2898715.log
2014-03-01 18:08 - 2014-03-01 18:45 - 00013778 _____ () C:\WINDOWS\KB2868626.log
2014-03-01 18:07 - 2014-03-01 18:48 - 00015700 _____ () C:\WINDOWS\KB2893984.log
2014-03-01 18:07 - 2014-03-01 18:47 - 00014503 _____ () C:\WINDOWS\KB2893294.log
2014-03-01 18:07 - 2014-03-01 18:46 - 00014365 _____ () C:\WINDOWS\KB2876331.log
2014-03-01 18:07 - 2014-03-01 18:43 - 00012789 _____ () C:\WINDOWS\KB2862152.log
2014-03-01 18:04 - 2014-03-01 18:48 - 00014515 _____ () C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-03-08 11:59 - 2014-03-08 11:59 - 00017671 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-08 11:59 - 2014-03-05 14:34 - 00000000 ____D () C:\FRST
2014-03-08 11:56 - 2010-01-06 14:29 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 11:51 - 2006-03-06 20:58 - 01663121 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-08 11:48 - 2010-01-06 14:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 11:48 - 2002-12-24 06:29 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-08 11:46 - 2002-12-24 07:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-08 11:46 - 2002-12-23 23:37 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-08 11:46 - 2002-12-23 23:37 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-08 11:45 - 2012-12-30 15:25 - 00032404 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-08 11:45 - 2006-03-06 18:39 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-03-08 11:37 - 2014-03-08 11:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-08 11:36 - 2014-03-08 11:36 - 00000000 ____D () C:\_OTM
2014-03-08 11:36 - 2014-03-02 19:58 - 00219093 _____ () C:\WINDOWS\setupapi.log
2014-03-08 11:36 - 2012-05-06 20:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-08 11:30 - 2011-04-22 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-08 11:29 - 2011-04-22 12:25 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
2014-03-07 21:11 - 2006-03-12 13:11 - 00000340 _____ () C:\WINDOWS\Tasks\HP Usg Daily.job
2014-03-07 21:05 - 2014-03-05 13:47 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts
2014-03-07 21:04 - 2014-03-06 17:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
2014-03-07 21:01 - 2014-03-06 17:02 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-07 20:14 - 2014-03-07 20:06 - 00001578 _____ () C:\Documents and Settings\User\Desktop\SystemLook.txt
2014-03-07 20:04 - 2014-03-07 20:03 - 00139264 _____ () C:\Documents and Settings\User\Desktop\SystemLook.exe
2014-03-07 18:11 - 2009-06-24 22:53 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-07 17:19 - 2008-07-23 11:17 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B35155B-B273-4F78-A4C9-B3AD29E35858}.job
2014-03-07 16:04 - 2014-03-07 16:04 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-07 16:04 - 2014-03-07 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-07 15:56 - 2014-03-07 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-06 17:56 - 2014-03-06 17:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 17:55 - 2013-02-09 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-06 17:43 - 2014-03-06 17:27 - 00000000 ____D () C:\AdwCleaner
2014-03-06 17:31 - 2014-03-06 17:31 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Downloaded Installers
2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
2014-03-06 17:00 - 2014-03-06 17:00 - 01037734 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-03-06 16:37 - 2014-03-06 16:33 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-05 22:51 - 2014-03-05 22:51 - 00010663 ____C () C:\Rkill1.txt
2014-03-05 22:51 - 2014-03-05 22:39 - 00043974 ____C () C:\Rkill2.txt
2014-03-05 22:46 - 2014-03-05 22:46 - 00038874 ____C () C:\Rkill4.txt
2014-03-05 22:43 - 2014-03-05 22:46 - 00035407 ____C () C:\Rkill3.txt
2014-03-05 14:24 - 2014-03-05 14:18 - 00213888 ____C () C:\Rkill.txt
2014-03-05 12:47 - 2014-03-05 11:49 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-05 12:36 - 2014-03-05 12:51 - 00451108 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-125113.backup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-03 11:30 - 2006-03-06 18:39 - 00001599 _____ () C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
2014-03-03 11:23 - 2002-12-24 07:43 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-03-03 11:22 - 2007-07-09 11:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-03-02 22:57 - 2013-02-23 14:11 - 00000000 ____D () C:\Program Files\Settings Alerter
2014-03-02 21:22 - 2012-09-05 09:44 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-02 21:22 - 2011-12-08 17:31 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-02 19:57 - 2006-03-10 13:07 - 00003503 _____ () C:\WINDOWS\wininit.ini
2014-03-02 18:39 - 2014-03-05 12:36 - 00446704 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140305-123626.backup
2014-03-02 18:33 - 2006-10-08 18:00 - 00000000 ____D () C:\Program Files\Java
2014-03-02 18:21 - 2006-03-22 16:42 - 00000000 ____D () C:\WINDOWS\Corel
2014-03-02 18:00 - 2011-03-24 22:37 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-03-02 18:00 - 2008-09-29 19:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-02 17:50 - 2006-03-15 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-03-02 17:24 - 2007-11-10 18:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Program Files\Google
2014-03-02 17:24 - 2006-05-06 16:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-03-01 21:59 - 2012-06-20 15:22 - 00859072 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-03-01 21:59 - 2010-12-08 23:57 - 00779704 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-03-01 21:53 - 2014-03-01 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Weather Alerts
2014-03-01 21:12 - 2014-03-01 21:09 - 00015385 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-03-01 21:12 - 2009-06-24 22:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-01 21:12 - 2006-03-06 23:59 - 00482093 _____ () C:\WINDOWS\updspapi.log
2014-03-01 21:12 - 2002-12-23 23:35 - 03283003 _____ () C:\WINDOWS\FaxSetup.log
2014-03-01 21:12 - 2002-12-23 23:35 - 01270282 _____ () C:\WINDOWS\tsoc.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00621392 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00518548 _____ () C:\WINDOWS\iis6.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00166046 _____ () C:\WINDOWS\ocmsn.log
2014-03-01 21:12 - 2002-12-23 23:35 - 00165529 _____ () C:\WINDOWS\msgsocm.log
2014-03-01 21:09 - 2013-10-20 20:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-01 20:49 - 2002-12-23 23:34 - 00570014 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-01 20:43 - 2014-03-01 20:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-03-01 20:43 - 2014-03-01 18:08 - 00011995 _____ () C:\WINDOWS\KB2916036.log
2014-03-01 20:43 - 2002-12-23 23:35 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-03-01 20:25 - 2014-03-01 20:24 - 00004867 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-03-01 19:28 - 2012-05-06 20:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-01 19:28 - 2011-08-20 11:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-01 19:19 - 2002-12-23 23:34 - 00220840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-01 18:52 - 2014-03-01 18:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-01 18:52 - 2014-03-01 18:51 - 00009419 _____ () C:\WINDOWS\KB2914368.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00009399 _____ () C:\WINDOWS\KB2904266.log
2014-03-01 18:51 - 2014-03-01 18:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-03-01 18:51 - 2007-02-16 00:30 - 00894282 _____ () C:\WINDOWS\system32\TZLog.log
2014-03-01 18:50 - 2014-03-01 18:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-03-01 18:50 - 2014-03-01 18:08 - 00016197 _____ () C:\WINDOWS\KB2898715.log
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-03-01 18:48 - 2014-03-01 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-01 18:48 - 2014-03-01 18:07 - 00015700 _____ () C:\WINDOWS\KB2893984.log
2014-03-01 18:48 - 2014-03-01 18:04 - 00014515 _____ () C:\WINDOWS\KB2892075.log
2014-03-01 18:47 - 2014-03-01 18:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-03-01 18:47 - 2014-03-01 18:07 - 00014503 _____ () C:\WINDOWS\KB2893294.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00007706 _____ () C:\WINDOWS\KB2900986.log
2014-03-01 18:46 - 2014-03-01 18:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-03-01 18:46 - 2014-03-01 18:07 - 00014365 _____ () C:\WINDOWS\KB2876331.log
2014-03-01 18:45 - 2014-03-01 18:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-03-01 18:45 - 2014-03-01 18:08 - 00013778 _____ () C:\WINDOWS\KB2868626.log
2014-03-01 18:44 - 2014-03-01 18:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-03-01 18:43 - 2014-03-01 18:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-03-01 18:43 - 2014-03-01 18:07 - 00012789 _____ () C:\WINDOWS\KB2862152.log
2014-03-01 18:36 - 2014-03-01 18:36 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-01 17:18 - 2006-03-10 11:10 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-02-06 03:54 - 2006-11-07 03:26 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2002-12-24 06:28 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Juliet
2014-03-08, 22:50
Please uninstall this from your add/remove programs if possible:

Quiknowledge
If it's not listed please just move on.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)



start
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [326032 2014-01-28] (Outfox Tv Productions Pty Ltd)
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=150
earchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [312720 2014-01-29] (Outfox Tv Productions Pty Ltd)
S1 qknfd; system32\drivers\qknfd.sys [X]
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
2014-03-06 17:04 - 2014-03-07 21:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
C:\Windows\Tasks\At*.job
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~

Please post fixlist.txt in your next reply.
Also, how is the computer now?

gogeko34
2014-03-09, 03:13
Hi Juliet,

My computer is running much better and faster than it was before. Thank you so much for your help.

The program Quiknowledge was not listed so I couldn't uninstall it, though I do remember uninstalling it at some point. Outfoxed seems to be gone now with the recent fix as it is no longer coming up on my desktop or start menu. That is fantastic!

I have noticed that I still get a notice from Windows about Plug and Play hardware that is attempting to install on my computer and I'm not sure what that is. Could it be the wireless mouse I am using?

The Yahoo page that I usually use as my homepage is being blocked by IE for security certificate errors and I'm not sure if there is something I need to do about it.

I'm not sure if I should be concerned about either of these issues. I am very pleased with the improvements, especially now that Outfoxed seems to be gone.

I opened Mozilla Firefox and Outfoxed was the homepage... Also it appears that the version I have installed is outdated? Should I uninstall Firefox and install it again? I prefer to use Firefox as it seems to cause less problems with my computer (although maybe the problems have nothing to do with IE).

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-03-2014
Ran by User at 2014-03-08 19:47:46 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe [326032 2014-01-28] (Outfox Tv Productions Pty Ltd)
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outfox.tv/?referid=150
earchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP39EB8F52-728A-4B52-97F8-70299885813E&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
R2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [312720 2014-01-29] (Outfox Tv Productions Pty Ltd)
S1 qknfd; system32\drivers\qknfd.sys [X]
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Program Files\OutfoxTV
2014-03-06 17:30 - 2014-03-06 17:30 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV
2014-03-06 17:26 - 2014-03-06 17:26 - 00930952 _____ (CNET Download.com) C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe
2014-03-06 17:04 - 2014-03-07 21:04 - 00000412 _____ () C:\WINDOWS\Tasks\At2.job
C:\Windows\Tasks\At*.job
Reboot:
end
*****************

HKU\S-1-5-21-1266927252-1395366336-781762406-1005\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => Value deleted successfully.
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1266927252-1395366336-781762406-1005 => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => Value deleted successfully.
OutfoxTvService => Service stopped successfully.
OutfoxTvService => Service deleted successfully.
qknfd => Service deleted successfully.
C:\Program Files\OutfoxTV => Moved successfully.
C:\Documents and Settings\User\Start Menu\Programs\OutfoxTV => Moved successfully.
C:\Documents and Settings\User\Desktop\cbsidlm-cbsi183-AdwCleaner-ORG-75851221.exe => Moved successfully.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At*.job => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Juliet
2014-03-09, 05:50
I am very pleased with the improvements, especially now that Outfoxed seems to be gone.

I opened Mozilla Firefox and Outfoxed was the homepage..
lol
it's gone but it's not?

Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

You can skip the optional steps here:
https://dl.dropbox.com/u/73555776/waio%20step3.JPG


Select only #25 Restore Important Windows Services.
https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Let the program run,


Let the program run,

If no luck still for plug n play, read over the below links.

http://support.microsoft.com/mats/hardware_device_problems

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/pnp_driver_support.mspx

http://support.microsoft.com/kb/283658
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How to reset Internet Explorer settings

http://support.microsoft.com/kb/923737


http://social.technet.microsoft.com/Forums/ie/en-US/3305deb3-2276-4faf-a647-2461799da9d9/how-do-i-stop-ie-9-from-blocking-websites-from-displaying-content-with-security-certificate-errors


Reset Firefox
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

gogeko34
2014-03-09, 19:24
Let the program run, then get a fresh FSS scan again.


What is FSS again?

Juliet
2014-03-09, 19:42
What is FSS again?
LOL
Me messing up!

Something I had posted to a different User.

Did you proceed with the above post with Windows Repair?

gogeko34
2014-03-11, 18:25
Thanks for everything Juliet. You would have to be superhuman to not get some of the threads mixed up on occasion.

My computer seems to be running pretty well at this time and Outfox tv is not showing up on Mozilla or IE now. I'm still having problems with IE blocking content from every page. I did reset IE settings, but it's still being a pain. I'm just going to use Mozilla unless I have to use IE. I don't really need it much. I think I need IE to access some information on my employers site, but I'm hoping to change employers soon :D:

During this time on the computer I have yet to receive the Plug and Play hardware installation msg, so that my have been resolved by simply changing back to an old mouse. Should I be concerned about this msg if it comes back?

At one point in this process it seemed that AVG went away and is now back. Should I be using AVG or something else to help protect my computer? When I use this desktop I do scan with Spybot at least once a week (should I scan more often?).

Should I uninstall the programs you had me install to fix my computer?

Would my computer support upgrading to Windows 8 and if so should I do so? I see the notes that Microsoft will stop providing support services in a month.

Again, I am so thankful for your help. I am trying to keep this computer working as long as possible as I can not afford to buy a new computer right now. The laptop I have with Ubuntu Linux is really functional for most things, but sometimes I need to use a computer with a Windows operating system.

gogeko34
2014-03-11, 18:28
Also, I would like to be able to print coupons though my computer if possible and I know I need to have Java for most coupon printing. What are your thoughts on this? I suspect it opens my computer up to lots of trouble.

Juliet
2014-03-11, 19:19
During this time on the computer I have yet to receive the Plug and Play hardware installation msg, so that my have been resolved by simply changing back to an old mouse. Should I be concerned about this msg if it comes back?
You can post here, I'll try to help troubleshoot with this but I'm not very good with hardware.


I'm still having problems with IE blocking content from every page. I did reset IE settings
The below links are a good read that show where others had the same issues.
http://answers.microsoft.com/en-us/ie/forum/ie8-windows_xp/internet-explorer-has-blocked-this-website-from/45ddb34b-3ea6-45b5-b26b-22c37af5b6c5
http://social.technet.microsoft.com/Forums/ie/en-US/3305deb3-2276-4faf-a647-2461799da9d9/how-do-i-stop-ie-9-from-blocking-websites-from-displaying-content-with-security-certificate-errors?forum=ieitprocurrentver


At one point in this process it seemed that AVG went away and is now back. Should I be using AVG or something else to help protect my computer? When I use this desktop I do scan with Spybot at least once a week (should I scan more often?).
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Scanning with SpyBot weekly is a good idea, with the list above you have choices. If not satisfied with one you can use a different one. All are good and free choices.

Should I uninstall the programs you had me install to fix my computer?
Yes, I'm about to help with this.


Would my computer support upgrading to Windows 8 and if so should I do so? I see the notes that Microsoft will stop providing support services in a month.
http://forums.whatthetech.com/index.php?showtopic=127901
The above is a very informative response to all the questions you might have about Microsoft and the ending support issue.


Also, I would like to be able to print coupons though my computer if possible and I know I need to have Java for most coupon printing. What are your thoughts on this? I suspect it opens my computer up to lots of trouble.

For this, let's get the latest version of java and set up with restrictions.

Install Java:

Please go here to install Java (http://www.java.com/en/)

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

***
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.




start
DeleteQuarantine:
end


~~~~~~~~~~~~

Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg

Click Run




Any other tools and files found can simply be deleted.

~~~~~~~~~~~~~~~~~~~~~~~

Your good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)

CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.

AdblockPlus

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!
click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites.
WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop


Please read the following safe computing articles..

Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)



Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

gogeko34
2014-03-12, 00:37
I uninstalled AVG and the disinfection tools from my computer. I also used FRST to remove quarantine. I installed Microsoft security essentials program and ran it.

I tried to install Java but failed to install. I may just have to let Java go as my computer may not be compatible with the most recent version and many sites that require Java want the most up to date version.

After reviewing some of the info on Windows XP, I'm pretty concerned about the potential problems I could have if I continue to use the internet on this computer. I ran the Windows 7 upgrade adviser and my computer does not have enough RAM. The report said my current graphic adapter will not support Windows Aero user interface. I can probably buy and install more RAM and I don't know how critical the Windows Aero user interface is for basic functioning.

It looks like I would have to reinstall stuff and update some things to function properly with Windows 7. I have pasted the report below. Any thoughts on this?

I feel like if I don't upgrade to Windows 7 (which may be the best I can do) all hell is going to break out. It's like Y2K Armageddon.

Windows 7 Upgrade Advisor Report
Computer Name:
Operating System: Windows XP Professional
CPU: Intel(R) Pentium(R) 4 CPU 2.53GHz
Memory: 512 MB

System Details
Custom installation required You'll need to perform a custom installation of 32-bit Windows 7 and then reinstall your programs. Make sure to back up your files before you begin.
Go online to get important information about installing Windows 7 on a PC running Windows XP
Windows Aero support Your current graphics adapter won't support the Windows Aero user interface. If you want to experience the benefits of Windows Aero, contact your PC manufacturer or retailer to see if an upgrade is available.
Go online to learn more about Windows Aero
512 MB of RAM Your PC needs at least 1 GB of RAM for 32-bit Windows 7 for optimal performance. Contact your PC manufacturer or retailer to see if an upgrade is available.
Outlook Express This program is no longer included in Windows 7. You can get similar programs for Windows 7 from other software manufacturers.
Go to the Microsoft website to learn more
CPU speed: 2.5 GHz Your CPU meets the 1 GHz minimum requirement.
80.2 GB free space available on C: Your hard disk meets the minimum requirement of 16 GB free space for 32-bit Windows 7.

Devices Status Details
Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Linksys Action recommended Before installing Windows 7, go to the device manufacturer's website to download the latest driver for this device. After installing Windows 7, install the saved driver.
photosmart 7700 series (DOT4PRINT)
Hewlett-Packard Unknown We don't have compatibility information about this device.
56Kbps Internal Modem
Smart Link (www.smlink.com) Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Avance AC'97 Audio
Avance Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
HID Non-User Input Data Filter (KB 911895)
Microsoft Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
HID Non-User Input Data Filter (KB 911895)
Microsoft Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
hp photosmart 7700 series
Hewlett-Packard Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Intel(R) 82845G Graphics Controller
Intel Corporation Compatible This device is compatible with Windows 7.
Microsoft USB Dual Receiver Wireless Keyboard (IntelliType Pro)
Microsoft Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Microsoft USB Dual Receiver Wireless Mouse (IntelliPoint)
Microsoft Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
photosmart 7700 series (DOT4)
Hewlett-Packard Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
photosmart 7700 series (DOT4PRT)
Hewlett-Packard Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
photosmart 7700 series (DOT4USB)
Hewlett-Packard Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Realtek RTL8139 Family PCI Fast Ethernet NIC
Realtek Compatible This device is compatible with Windows 7.
USB 2.0 Root Hub
NEC Compatible This device is compatible with Windows 7.
USB Mass Storage Device
Compatible USB storage device Compatible This device is compatible with Windows 7.
USB Printing Support
Microsoft Compatible This device is compatible with Windows 7.

Programs Status Details
Microsoft IntelliPoint 5.5
version 5.50.661.0
Microsoft Not compatible This version of the program will not work on Windows 7.
Visit the publisher's website for a possible solution
Microsoft IntelliType Pro 5.5
version 5.50.661.0
Microsoft Not compatible This version of the program will not work on Windows 7.
Visit the publisher's website for a possible solution
Windows Defender
version 1.1.1593.21
Microsoft Corporation Not compatible This version of the program will not work on Windows 7.
Google Earth
version 4.3.7284.3916
Google Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
Microsoft Office XP Professional
version 10.0.6626.0
Microsoft Corporation Paid update required This version of the program will not work on Windows 7.
Get a paid update to a compatible version
Microsoft Works 7.0
version 07.02.0620
Microsoft Corporation Paid update available We don't have compatibility information about this version of the program.
pdfFactory Pro Paid update available We don't have compatibility information about this version of the program.
Get a paid update to a compatible version
RealPlayer (32-bit)
version 7.0.1.444
RealNetworks, Inc. Paid update available We don't have compatibility information about this version of the program.
Get a paid update to a compatible version
RealPlayer
RealNetworks This program has earned Microsoft's Compatible with Windows 7 logo. A free update to a newer version is also available.
Get the free update
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
version 8.0.50727.4053
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2005 Redistributable
version 8.0.61001
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
version 9.0.30729.6161
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Adobe AIR
version 1.5.3.9120
Adobe Systems Inc. Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Adobe Reader 9.5.2
version 9.5.2
Adobe Systems Incorporated Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
K-Lite Codec Pack 8.8.0 (Full)
version 8.8.0 Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 2.0 Service Pack 2
version 2.2.30729
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Winamp (remove only) Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Windows Internet Explorer 8
version 20090308.140743
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Adobe Download Manager
version 1.6.2.103
NOS Microsystems Ltd. Compatible This program is compatible with Windows 7.
Adobe Shockwave Player
version 11.0
Adobe Systems, Inc. Compatible This program is compatible with Windows 7.
Amazon MP3 Downloader 1.0.17
version 1.0.17
Amazon Services LLC Compatible This program is compatible with Windows 7.
DivX Codec
version 6.8.5
DivX, Inc. Compatible This program is compatible with Windows 7.
DivX Player
version 6.8.2 Compatible This program is compatible with Windows 7.
DivX Web Player
version 1.4.2
DivX,Inc. Compatible This program is compatible with Windows 7.
ERUNT 1.1j
Lars Hederer Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.0 Service Pack 2
version 3.2.30729
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.5 SP1
version 3.5
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Client Profile
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Extended
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Outlook Web Access S/MIME
version 6.5.7651.60
Microsoft Compatible This program is compatible with Windows 7.
Microsoft Security Essentials
version 4.4.304.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
QuickTime
version 7.69.80.9
Apple Inc. Compatible This program is compatible with Windows 7.
Shockwave Director 10.3 Compatible This program is compatible with Windows 7.
Spybot - Search & Destroy
version 1.6.0
Safer Networking Limited Compatible This program is compatible with Windows 7.
Tweaking.com - Windows Repair (All in One)
version 2.5.1
Tweaking.com Compatible This program is compatible with Windows 7.
Windows Media Player 11 Compatible This program is compatible with Windows 7.

Windows XP Mode is an optional feature available in Windows 7 Professional and Windows 7 Ultimate that has extra system requirements.
Visit the Windows XP Mode website for more information
Requirement Details
Virtualization technology not supported Your PC does not support hardware assisted virtualization technology.
512 MB of RAM Your PC memory doesn't meet the 2 GB requirement for running Windows XP Mode on 32-bit Windows 7. When running XP Mode, you might experience poor performance.
Extra 15 GB of free space Your PC meets the minimum requirement of 15 GB extra space for installing and running Windows XP Mode.

Juliet
2014-03-12, 00:54
The report said my current graphic adapter will not support Windows Aero user interface. I can probably buy and install more RAM and I don't know how critical the Windows Aero user interface is for basic functioning.
I would think this could be updated or questions asked at the manufacturing site of your computer?
I really have no idea.

Save that log, You would be better helped with these type of questions here.
You will need to register, then create a topic. The gentlemen here will try to help you.
http://forums.whatthetech.com/index.php?showforum=105
Other Computer Problem Techs Chat Area and questions answered

gogeko34
2014-03-12, 01:45
Thanks again and I want you to know I really appreciate all of your help. I will try What the Tech and see what advise they have.

All my best to you, Tonia

Juliet
2014-03-12, 11:35
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif