PC Loading slowly...
Hi Guys:
Back again. Started doing some online gaming and You Tube posting on my PC. I'm getting this 'Lag' when either the games or the videos load. Do I need a new PC?
Heres my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Dad at 10:26:05 on 2013-08-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.702.195 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\documents and settings\dad.your-4dacd0ea75\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Driver Genius] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjgwMTEyNTY3LVQxMy1VODUrMS1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRERUKzAtRkwxMCsxLVRVRysz"&"prod=90"&"ver=10.0.1390
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: trymedia.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\firefox\profiles\37fti8ke.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\firefox\profiles\37fti8ke.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\dad.your-4dacd0ea75\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-4 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-5-4 101888]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2a\RpcAgentSrv.exe [2008-4-12 98488]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-3-28 370360]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubveo532.sys --> c:\windows\system32\drivers\ubVeo532.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-08-21 16:47:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 16:47:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-15 13:21:42 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-23 19:25:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 19:25:41 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-23 19:25:40 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-23 19:25:40 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-04 07:23:02 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 10:27:45.31 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-23 10:37:31
-----------------------------
10:37:31.713 OS Version: Windows 5.1.2600 Service Pack 3
10:37:31.713 Number of processors: 1 586 0x4F02
10:37:31.729 ComputerName: YOUR-4DACD0EA75 UserName: Dad
10:37:33.323 Initialize success
10:41:59.282 AVAST engine defs: 13082300
10:51:32.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
10:51:32.335 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
10:51:32.632 Disk 0 MBR read successfully
10:51:32.632 Disk 0 MBR scan
10:51:33.773 Disk 0 unknown MBR code
10:51:33.789 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
10:51:34.836 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
10:51:35.257 Disk 0 scanning sectors +312576705
10:51:35.773 Disk 0 scanning C:\WINDOWS\system32\drivers
10:52:15.325 Service scanning
10:52:51.063 Modules scanning
10:53:10.831 Disk 0 trace - called modules:
10:53:10.847 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
10:53:11.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83451ab8]
10:53:11.206 3 CLASSPNP.SYS[f7cd5fd7] -> nt!IofCallDriver -> \Device\00000077[0x834b4920]
10:53:11.206 5 ACPI.sys[f7b4c620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x834b3a38]
10:53:13.144 AVAST engine scan C:\WINDOWS
10:53:38.631 AVAST engine scan C:\WINDOWS\system32
11:02:18.735 AVAST engine scan C:\WINDOWS\system32\drivers
11:02:44.113 AVAST engine scan C:\Documents and Settings\Dad.YOUR-4DACD0EA75
11:11:44.130 AVAST engine scan C:\Documents and Settings\All Users
11:21:39.649 Scan finished successfully
11:30:20.189 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
11:30:20.189 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"
Attached Files
Hi speedinc ,
My name is OCD . I apologize for the delay, if you still require help please continue:
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear "
Important: All tools MUST be run from the Desktop .
=========================
Using AdwCleaner v3: Scan & Clean :
Windows XP : Double click on the icon to run it .Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" Click on the Scan button. AdwCleaner will begin to scan your computer like it did before. After the scan has finished... This time, click on the Clean button. Press OK when asked to close all programs and follow the onscreen prompts. Press OK again to allow AdwCleaner to restart the computer and complete the removal process. After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically. Copy and paste the contents of that log file in your next reply. A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
OTL
Download OTL to your desktop. Make sure all other windows are closed and to let it run uninterrupted.
Windows XP : Double click on the icon to run it .Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" When the window appears, underneath Output at the top change it to Minimal Output . Check the boxes beside LOP Check and Purity Check . Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt . These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
=========================
In your next post please provide the following :
AdwCleaner.txt OTL.txt Do not post Extras.txt How is the computer running?
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Hi speedinc,
Just checking to see if you still need assistance?
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
PC loading Slowly...
Hello OCD
Sorry, I didnt see the response til today! I would greatly appreciate it if you could look at my box. Maybe its time for a new one. Give me a moment to respond to your commands....
Re: PC Loading slowly...
Heres The AdwCleaner Log:
# AdwCleaner v3.005 - Report created 23/09/2013 at 01:57:57
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dad - YOUR-4DACD0EA75
# Running from : C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\SendSpace
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\ConduitCommon
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Product Deleted : Ask Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs.js ]
Line Deleted : user_pref("CT3196716..clientLogIsEnabled", true);
Line Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1359634299000", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1366704382000", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_1367225922000", true);
Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);
Line Deleted : user_pref("CT3196716.CT3196716", "CT3196716");
Line Deleted : user_pref("CT3196716.CurrentServerDate", "19-5-2013");
Line Deleted : user_pref("CT3196716.DSInstall", false);
Line Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Tue Dec 11 2012 22:10:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.FirstServerDate", "4-5-2012");
Line Deleted : user_pref("CT3196716.FirstTime", true);
Line Deleted : user_pref("CT3196716.FirstTimeFF3", true);
Line Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT3196716.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3196716.HPInstall", false);
Line Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3196716.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://www.google.com/ig");
Line Deleted : user_pref("CT3196716.Initialize", true);
Line Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3196716.InstallationType", "Unknown");
Line Deleted : user_pref("CT3196716.InstalledDate", "Thu May 03 2012 22:33:21 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.InvalidateCache", false);
Line Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3196716.IsGrouping", false);
Line Deleted : user_pref("CT3196716.IsInitSetupIni", true);
Line Deleted : user_pref("CT3196716.IsMulticommunity", false);
Line Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3196716.IsProtectorsInit", true);
Line Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3196716.LastLogin_3.12.2.3", "Tue May 29 2012 21:25:07 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Sun Jul 15 2012 10:54:16 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Tue Aug 21 2012 20:46:45 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.15.1.0", "Wed Nov 07 2012 21:30:03 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.100", "Mon Feb 11 2013 08:55:21 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.16.0.3", "Sun Dec 30 2012 19:35:08 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.LastLogin_3.18.0.7", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.LatestVersion", "3.18.0.7");
Line Deleted : user_pref("CT3196716.Locale", "en");
Line Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.12.2.3");
Line Deleted : user_pref("CT3196716.RadioIsPodcast", false);
Line Deleted : user_pref("CT3196716.RadioLastCheckTime", "Tue Dec 11 2012 22:10:01 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3196716.RadioMediaID", "9962");
Line Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
Line Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
Line Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Google");
Line Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
Line Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Sat May 18 2013 17:15:46 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Sat May 18 2013 17:15:45 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.SettingsLastUpdate", "1368864727");
Line Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Thu May 03 2012 22:33:16 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");
Line Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3196716.UserID", "UN62248300989923426");
Line Deleted : user_pref("CT3196716.ValidationData_Search", 1);
Line Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3196716.WeatherNetwork", "");
Line Deleted : user_pref("CT3196716.WeatherPollDate", "Tue Dec 11 2012 22:10:01 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3196716.WeatherUnit", "F");
Line Deleted : user_pref("CT3196716.alertChannelId", "1613210");
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E675[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e.:2z527", "2423");
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el8:", "6E6D6C6D716C70727778");
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737273777276787D7E242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927767[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("CT3196716.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B645253535[...]
Line Deleted : user_pref("CT3196716.backendstorage./9b-0?3g>d", "696B6D3E3D3E6C417A747248742048487E4F2551244F532A24265828575A292F295F2931");
Line Deleted : user_pref("CT3196716.backendstorage./9b-0?3g@6:5;", "");
Line Deleted : user_pref("CT3196716.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Line Deleted : user_pref("CT3196716.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Line Deleted : user_pref("CT3196716.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Line Deleted : user_pref("CT3196716.backendstorage./9b5ba==9cjag", "6A3F3B3F6A7071437A6F75487477774849777B5050");
Line Deleted : user_pref("CT3196716.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6D716C70727772777A73");
Line Deleted : user_pref("CT3196716.backendstorage./9b9643g3/9e", "6A");
Line Deleted : user_pref("CT3196716.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Line Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<", "393F352F3E");
Line Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<l8daj", "6D7070707673737976762A7A77727C7E752122");
Line Deleted : user_pref("CT3196716.backendstorage./9b=+03eh8h8j?:", "4443");
Line Deleted : user_pref("CT3196716.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("CT3196716.backendstorage./9b?b0d:8aj62<h", "6D");
Line Deleted : user_pref("CT3196716.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_000", "5553");
Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_001", "5553");
Line Deleted : user_pref("CT3196716.backendstorage.cbfirsttime", "546875204D617920303320323031322032323A33333A323820474D542D30353030202843656E7472616C204461796C696768742054696D6529");
Line Deleted : user_pref("CT3196716.backendstorage.cbopenmamsettings", "30");
Line Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544");
Line Deleted : user_pref("CT3196716.backendstorage.fired_events", "");
Line Deleted : user_pref("CT3196716.backendstorage.key_date", "3131");
Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "547565204D617920303820323031322032323A33333A323720474D542D30353030202843656E7472616C204461796C696768742054696D6529");
Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Line Deleted : user_pref("CT3196716.backendstorage.url_history0001", "687474703A2F2F617070732E636F6E647569742E636F6D2F3F536561726368536F757263654F726967696E3D323926637469643D435433313936373136266F637469643D435433313[...]
Line Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Thu May 03 2012 22:33:20 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3196716.initDone", true);
Line Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3196716.myStuffEnabled", true);
Line Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT3196716.revertSettingsEnabled", false);
Line Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3196716.testingCtid", "");
Line Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Sat May 18 2013 17:15:49 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Thu May 03 2012 22:33:21 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3196716.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716", "\"22235ed05140226d597dbe76454d0a9c3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", "\"1367226736\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:1563\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:144a\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:15ff\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15a3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716", "\"6341c50648fd59897cde84cfa3927631\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"c4977f141495a426449c43bce7e2dab7\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b382247af9bfb94111de7928f312ff02\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Dad.YOUR-4DACD0EA75\\Application Data\\Mozilla\\Firefox\\Profiles\\37fti8ke.default\\conduitCommon\\modules\\3.16.0.3"[...]
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tools.wiseconvert.com/video_converter.php", "600x598");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.youconvertit.com", "910x618");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 04 2012 01:08:33 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "131629bb-cf34-4379-9550-3b93fcc1ad96");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 11 2012 22:10:02 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 03 2012 22:33:34 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 11 2012 22:10:02 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "1289c324-9d3c-4aae-84b2-2e9d40ccf9e0");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/ig");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
-\\ Google Chrome v
[ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [34696 octets] - [23/09/2013 01:55:19]
AdwCleaner[S0].txt - [35099 octets] - [23/09/2013 01:57:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35160 octets] ##########
RE: PC Loading slowly...
Here's the OTL Log:
OTL logfile created on: 9/23/2013 2:10:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
702.48 Mb Total Physical Memory | 152.39 Mb Available Physical Memory | 21.69% Memory free
1.30 Gb Paging File | 0.69 Gb Available in Paging File | 52.70% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.47 Gb Total Space | 70.98 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32
Computer Name: YOUR-4DACD0EA75 | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
========== Services (SafeList) ==========
SRV - (vToolbarUpdater15.5.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Freemake Improver) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (iClarityQoSService) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
DRV - (DCamUSBVeo532) -- System32\Drivers\ubVeo532.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\catchme.sys File not found
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\sandra.sys (SiSoftware)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 BF 68 E7 C9 C6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{47130832-F17F-4B95-A626-D153584228DC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
FF - prefs.js..extensions.enabledAddons: zigboom.designs%40gmail.com:2.0.8
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com :1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/31 17:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/05/04 22:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 23:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/17 23:02:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 22:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
[2009/07/30 20:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2013/09/16 14:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions
[2013/07/16 23:09:14 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2013/08/15 00:26:06 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\btpersonas@brandthunder.com
[2013/02/04 23:41:04 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\info@djzig.com
[2013/06/21 22:08:24 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\LogMeInClient@logmein.com
[2013/02/05 10:16:39 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\zigboom.designs@gmail.com
[2011/11/26 02:07:22 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\searchplugins\bing-zugo.xml
[2013/09/17 23:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/09/17 23:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 23:03:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/04 22:48:02 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/11/12 17:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2013/05/21 19:11:20 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
O1 HOSTS File: ([2011/07/18 23:38:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012/02/10 23:42:56 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: ('autocheck autochk *')
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/09/23 01:54:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/23 01:39:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Recent
[2013/09/17 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/15 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2013/09/15 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/09/15 17:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\AppData
[2013/09/15 17:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/09/15 17:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
[2013/09/15 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/09/13 08:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/08/31 00:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Shop'NCook Pro
[2013/08/31 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shop'NCook Pro
[2013/08/25 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/09/23 02:20:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/23 02:17:01 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
[2013/09/23 02:01:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/23 02:01:36 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
[2013/09/23 02:01:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
[2013/09/23 02:01:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
[2013/09/23 02:01:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
[2013/09/23 02:01:35 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
[2013/09/23 02:01:35 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
[2013/09/23 02:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/23 02:00:26 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/23 01:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/23 01:21:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250449246-3165194149-3948157566-1016Core1ce7ec755383511.job
[2013/09/22 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/21 14:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/09/21 10:33:07 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/09/21 10:10:13 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/21 08:45:47 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
[2013/09/21 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
[2013/09/19 23:38:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/19 23:38:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/18 17:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/17 10:00:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
[2013/09/16 23:10:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
[2013/09/15 17:21:56 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/09/14 04:24:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
[2013/09/11 03:37:48 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 07:01:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
[2013/09/06 00:55:18 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Dad.job
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/03 11:41:48 | 016,436,183 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
[2013/08/30 11:23:58 | 076,249,771 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
[2013/08/30 08:44:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/26 18:30:29 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/09/15 17:21:57 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/09/15 17:21:56 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2013/09/03 11:39:40 | 016,436,183 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
[2013/08/30 11:23:26 | 076,249,771 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
[2013/05/24 23:29:36 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/04/15 10:29:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave_back.xml
[2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave.xml
[2013/03/02 13:12:44 | 000,001,247 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.Setting.ini
[2012/08/13 10:35:51 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\dt.dat
[2012/05/14 01:21:49 | 002,015,577 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2250449246-3165194149-3948157566-1016-0.dat
[2012/05/14 01:21:37 | 000,338,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 00:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/01 23:52:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/01 23:47:11 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/01 23:37:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/02/01 23:03:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/06 01:29:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\.backup.dm
[2011/09/05 10:04:16 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\webct_upload_applet.properties
[2011/07/02 15:37:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
[2011/07/02 15:37:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
[2011/07/02 15:37:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
[2010/11/04 16:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
[2009/07/30 20:35:30 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 20:20:43 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2008/05/19 01:09:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/12 19:27:21 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/04/12 19:27:20 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mdb
[2008/02/12 00:19:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
========== ZeroAccess Check ==========
[2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/04 01:12:56 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/12/17 13:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/28 10:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/06/18 08:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2012/10/11 09:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/07/17 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/06/02 09:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/12/14 20:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2009/10/12 08:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/12/06 01:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/03/15 06:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/02/12 02:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/02/01 23:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2013/05/04 22:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2009/02/02 18:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2013/09/15 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/10/16 05:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/09/22 18:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/17 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/03/25 22:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/08/03 00:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/15 10:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/04/04 00:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WarThunder
[2008/07/08 01:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/06/19 00:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2011/01/22 19:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/15 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/08/31 10:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Amazon
[2012/05/04 01:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AnvSoft
[2013/05/04 22:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG SafeGuard toolbar
[2012/10/11 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2013
[2011/12/14 20:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\cerasus.media
[2013/03/07 23:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Coby Media Manager
[2012/08/05 14:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\com.amazon.music.uploader
[2013/09/15 17:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
[2011/09/20 22:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\PPIMAGES
[2012/11/19 23:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\StreamPlayer
[2012/10/11 09:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\TuneUp Software
[2013/08/05 01:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Waterfox Limited
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/09 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/09 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/09 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST316081 2AS SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 140.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 9.00GB
Starting Offset: 150835184640
Hidden sectors: 0
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
========== Alternate Data Streams ==========
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
< End of report >
Posting Permissions
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
Forum Rules