-
-
-
Here are the logs
# AdwCleaner v3.023 - Report created 03/04/2014 at 01:32:12
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : kenneth - PC801713467250
# Running from : C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : ca82e1a5
[#] Service Deleted : DefaultTabSearch
[#] Service Deleted : DefaultTabUpdate
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\LyricsSpeaker
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SingAlong
Folder Deleted : C:\Program Files\MixiDJ_V37
Folder Deleted : C:\Program Files\Vafmusic4
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\MixiDJ_V37
Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Vafmusic4
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\alot-appbar
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Smartbar
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3302997
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3298573
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\CT3279141
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\addon@defaulttab.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\appbar@alot.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{ec966aaa-1510-4c02-8eb0-b42ad0c25e8b}
Folder Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\DOCUME~1\kenneth\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3302997
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C84BABA-BF9D-4E42-A684-5288580631D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D057E38-1E36-47AA-B86F-297F71B9FE0A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F79395C3-8B78-403E-8953-4C242D3A3C62}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CF028A3-25EE-4A0F-A414-F0F935CCCACA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAD0840B-6432-4C32-BC5A-757FDC153140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6CA6011-7554-4A76-9526-C29DB405CD6C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\lyricsspeaker
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\MixiDJ_V37
Key Deleted : HKCU\Software\Vafmusic4
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\MixiDJ_V37
Key Deleted : HKLM\Software\Vafmusic4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V37 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic4 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V37 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vafmusic4 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v3.6.3 (en-US)
[ File : C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\prefs.js ]
Line Deleted : user_pref("CT3279141.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3279141.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3279141.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.FF19Solved", "true");
Line Deleted : user_pref("CT3279141.FirstTime", "true");
Line Deleted : user_pref("CT3279141.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3279141.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN20580107978990285&UM=UM_ID&q=");
Line Deleted : user_pref("CT3279141.UserID", "UN20580107978990285");
Line Deleted : user_pref("CT3279141.User_UniqueID.enc", "YjdmYmQzZjMtMjM2ZC04MTgzLWVkNzgtNjM2ZTA2OTg3ODg5");
Line Deleted : user_pref("CT3279141.autoDisableScopes", -1);
Line Deleted : user_pref("CT3279141.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3279141.defaultSearch", "true");
Line Deleted : user_pref("CT3279141.embeddedsData", "[{\"appId\":\"130028020976478709\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3279141.enableAlerts", "always");
Line Deleted : user_pref("CT3279141.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3279141.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3279141.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3279141.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3279141.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3279141.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3279141.fixUrls", true);
Line Deleted : user_pref("CT3279141.hxxp___api31_starwebnet_com.pid2.enc", "NTYzMmRmY2UtYmVkZS1iNDNkLThjYWEtOWI1MjBjMGVjNDkw");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlh[...]
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZWVkNTczMWMtYThhYS1hNjE4LWQ5MWItOWZiZjdkMTQzMmYz");
Line Deleted : user_pref("CT3279141.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Line Deleted : user_pref("CT3279141.hxxp___www_toolbar_ads_com_internetapp.APP_WIN_FEATURES.enc", "");
Line Deleted : user_pref("CT3279141.installDate", "26/2/2013 1:19:49");
Line Deleted : user_pref("CT3279141.installId", "9818");
Line Deleted : user_pref("CT3279141.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3279141.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3279141.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3279141.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3279141.key_user_agree_ia12.enc", "MQ==");
Line Deleted : user_pref("CT3279141.key_wellcome_ia12.enc", "MQ==");
Line Deleted : user_pref("CT3279141.keyword", "true");
Line Deleted : user_pref("CT3279141.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3279141.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3279141.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3279141.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3279141%26SearchSource%3D13%26CUI%3DUN20580107978990285\",\"EB_MAIN_FRAME_TITLE\":\[...]
Line Deleted : user_pref("CT3279141.openThankYouPage", "false");
Line Deleted : user_pref("CT3279141.openUninstallPage", "true");
Line Deleted : user_pref("CT3279141.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3279141.search.searchAppId", "130028020976478709");
Line Deleted : user_pref("CT3279141.search.searchCount", "0");
Line Deleted : user_pref("CT3279141.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3279141.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3279141.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3279141\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeB.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke B\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3279141.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376020390614");
Line Deleted : user_pref("CT3279141.serviceLayer_services_appsMetadata_lastUpdate", "1376020393840");
Line Deleted : user_pref("CT3279141.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376020391297");
Line Deleted : user_pref("CT3279141.serviceLayer_services_location_lastUpdate", "1376020386296");
Line Deleted : user_pref("CT3279141.serviceLayer_services_login_10.14.65.43_lastUpdate", "1376020404507");
Line Deleted : user_pref("CT3279141.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376020390747");
Line Deleted : user_pref("CT3279141.serviceLayer_services_searchAPI_lastUpdate", "1376020386275");
Line Deleted : user_pref("CT3279141.serviceLayer_services_serviceMap_lastUpdate", "1376020384946");
Line Deleted : user_pref("CT3279141.serviceLayer_services_setupAPI_lastUpdate", "1376020391701");
Line Deleted : user_pref("CT3279141.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376020391057");
Line Deleted : user_pref("CT3279141.serviceLayer_services_toolbarSettings_lastUpdate", "1376020386463");
Line Deleted : user_pref("CT3279141.serviceLayer_services_translation_lastUpdate", "1376020390509");
Line Deleted : user_pref("CT3279141.settingsINI", true);
Line Deleted : user_pref("CT3279141.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3279141.smartbar.CTID", "CT3279141");
Line Deleted : user_pref("CT3279141.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3279141.smartbar.homepage", true);
Line Deleted : user_pref("CT3279141.smartbar.toolbarName", "WhiteSmoke B ");
Line Deleted : user_pref("CT3279141.startPage", "true");
Line Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376020360850,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3298573.FF19Solved", "true");
Line Deleted : user_pref("CT3298573.UserID", "UN16857030743449312");
Line Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298573.fullUserID", "UN16857030743449312.IN.20130810114936");
Line Deleted : user_pref("CT3298573.installDate", "10/08/2013 11:49:34");
Line Deleted : user_pref("CT3298573.installSessionId", "{00CCA5C0-94D1-4FEA-9B40-A571D84958BA}");
Line Deleted : user_pref("CT3298573.installSp", "TRUE");
Line Deleted : user_pref("CT3298573.installerVersion", "1.5.4.5");
Line Deleted : user_pref("CT3298573.keyword", "true");
Line Deleted : user_pref("CT3298573.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN20580107978990285&UM=UM_ID&UP=SPBF8E644F-74BF-47DE-AB7F-4C1747C24738");
Line Deleted : user_pref("CT3298573.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302997&SearchSource=2&CUI=UN34716549461819022&UM=2&q=");
Line Deleted : user_pref("CT3298573.originalSearchEngine", "Vafmusic4 Customized Web Search");
Line Deleted : user_pref("CT3298573.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298573.searchRevert", "false");
Line Deleted : user_pref("CT3298573.searchUserMode", "2");
Line Deleted : user_pref("CT3298573.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298573.versionFromInstaller", "10.16.9.6");
Line Deleted : user_pref("CT3298573.xpeMode", "0");
Line Deleted : user_pref("CT3302997.FF19Solved", "true");
Line Deleted : user_pref("CT3302997.FirstTime", "true");
Line Deleted : user_pref("CT3302997.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3302997.UserID", "UN34716549461819022");
Line Deleted : user_pref("CT3302997.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3302997.autoDisableScopes", 10);
Line Deleted : user_pref("CT3302997.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3302997.defaultSearch", "true");
Line Deleted : user_pref("CT3302997.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3302997.enableAlerts", "true");
Line Deleted : user_pref("CT3302997.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3302997.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3302997.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3302997.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3302997.fixUrls", true);
Line Deleted : user_pref("CT3302997.installDate", "1/6/2013 2:50:20");
Line Deleted : user_pref("CT3302997.installId", "stub.exe");
Line Deleted : user_pref("CT3302997.installSessionId", "{9A9C510D-8C3C-4DE5-94EA-8F0FDC35CEF3}");
Line Deleted : user_pref("CT3302997.installSp", "TRUE");
Line Deleted : user_pref("CT3302997.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3302997.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3302997.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3302997.keyword", "true");
Line Deleted : user_pref("CT3302997.lastVersion", "10.16.2.9");
Line Deleted : user_pref("CT3302997.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3302997.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3279141%26SearchSource%3D13%26CUI%3DUN20580107978990285\",\"EB_MAIN_FRAME_TITLE\":\[...]
Line Deleted : user_pref("CT3302997.openThankYouPage", "false");
Line Deleted : user_pref("CT3302997.openUninstallPage", "true");
Line Deleted : user_pref("CT3302997.originalHomepage", "about:home");
Line Deleted : user_pref("CT3302997.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN20580107978990285&UM=UM_ID&q=");
Line Deleted : user_pref("CT3302997.originalSearchEngine", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("CT3302997.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3302997.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3302997.searchRevert", "false");
Line Deleted : user_pref("CT3302997.searchUserMode", "2");
Line Deleted : user_pref("CT3302997.serviceLayer_services_serviceMap_lastUpdate", "1376020384627");
Line Deleted : user_pref("CT3302997.settingsINI", true);
Line Deleted : user_pref("CT3302997.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3302997.smartbar.CTID", "CT3302997");
Line Deleted : user_pref("CT3302997.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3302997.smartbar.homepage", "true");
Line Deleted : user_pref("CT3302997.smartbar.toolbarName", "Vafmusic4 ");
Line Deleted : user_pref("CT3302997.startPage", "true");
Line Deleted : user_pref("CT3302997.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3302997.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3302997_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376020360133,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3279141&SearchSource=13&CUI=UN20580107978990285");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN20580107978990285&UM=UM_ID&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302997&SearchSource=2&CUI=UN34716549461819022&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN16857030743449312&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search|Bueno\", \"window_content\": \"<html>\\[...]
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN16857030743449312&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3302997&CUI=UN34716549461819022&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3279141&SearchSource=13&CUI=UN205801[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN20580107978990285&UM=UM_ID&q=,hxxp://search.conduit.com/ResultsExt.aspx[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.machineId", "QYSLHY1UBDRB8RVBQ5BHT1KTVVZUA1UBSTDJCN/428TRWSHB9KJ0RP9O1QP5WKFMQWMIHQALM42RH4PJWD5Q0A");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3302997&CUI=UN34716549461819022&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
-\\ Google Chrome v33.0.1750.154
[ File : C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [25821 octets] - [03/04/2014 01:29:22]
AdwCleaner[S0].txt - [26192 octets] - [03/04/2014 01:32:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26253 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by kenneth on Thu 04/03/2014 at 1:56:34.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5FB76A0E-7C3F-45EE-AFDE-6B66C15942FE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ECB0515E-E11C-41A6-B3CE-ECEE03B5B13A}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\kenneth\Local Settings\Application Data\cre"
~~~ FireFox
Successfully deleted the following from C:\Documents and Settings\kenneth\Application Data\mozilla\firefox\profiles\ytasw4hq.default\prefs.js
user_pref("extensions.alotab.errorUrl", "hxxp://search.alot.com/error?src_id=30662&client_id=1c8a5cb4a851d83eaa3b8879&camp_id=4052&install_time=2013-08-09T03:52:37Z&pr=errs&tb
user_pref("extensions.defaulttab.active.affiliate", 3566);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "21F0380D2FCD791AD582AA3DD2044036");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "2.0");
user_pref("extensions.defaulttab.lastUsed", 1376020504);
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/03/2014 at 2:30:09.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Good,
You had a ton of bogus toolbars and whatnot installed, sometimes these are all linked together.
http://techpageone.dell.com/technolo...0#.Uz0kWvldVL3
I want to give you a heads up on Windows XP as Microsoft will be dropping support for this version in just a few days, it will go down the same path as Win 95 and 98, it will still work and you can continue to use it but without all the windows updates that help make it secure you would be taking a chance doing any online banking or purchases using a credit card, the bad guys are chomping at the bit waiting for this as XP will then be easier to exploit.
You may want to consider upgrading to Windows 7 but that depends on the firing power of this computer, you can download and run the Win 7 upgrade advisor and see where you stand, we can go over this a bit later when where done
http://www.microsoft.com/en-us/downl...ils.aspx?id=20
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
Malwarebytes log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/3/2014
Scan Time: 1:43:13 PM
Logfile: Malwarebytes log.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.03.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: kenneth
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290644
Time Elapsed: 1 hr, 10 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 5
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.exe, 1460, Delete-on-Reboot, [737eba6bee8df145ff1bab9aa06159a7]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\utilFortunitas.exe, 1904, Delete-on-Reboot, [d71ad74e077445f1a07ae16402ff9c64]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\FilterApp_C.exe, 2256, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5]
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.exe, 3348, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5]
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe, 1732, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4]
Modules: 3
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
Registry Keys: 29
PUP.Optional.Fortunitas.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Fortunitas, Quarantined, [737eba6bee8df145ff1bab9aa06159a7],
PUP.Optional.Fortunitas.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Fortunitas, Quarantined, [d71ad74e077445f1a07ae16402ff9c64],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{c6f3fc7b-d607-44ec-9caf-2a41d547137f}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{eff4f283-3c8b-4a01-8297-ddc839210b86}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94F1FD29-FDC2-4BF9-B008-AFB0452634E6}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C6F3FC7B-D607-44EC-9CAF-2A41D547137F}, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{C6F3FC7B-D607-44EC-9CAF-2A41D547137F}\INPROCSERVER32, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\CLSID\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{1B13EA0A-0F47-4678-8848-0CB84FDE303D}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{BE0B5EDA-7AA2-4D65-B0D7-3785B1BD285F}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.LyricsAd, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{15467C9F-3784-4109-89C9-6ED7100B96B8}, Quarantined, [f3fea87d3843c76fb3ba010d07fbd62a],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [856c2ef7a2d9142223f544ca11f103fd],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [856c2ef7a2d9142223f544ca11f103fd],
PUP.Optional.RelatedSearchs.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [ab46af761d5ec76f3cc2b556cb37bf41],
PUP.Optional.RelatedSearchs.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}, Quarantined, [ab46af761d5ec76f3cc2b556cb37bf41],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [ed048f969eddfe382395d66a3ec45ca4],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [866b2afb7605cd69d516d33aea1839c7],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [b04161c48eeda591e7050409bd452ad6],
PUP.Optional.Solimba, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, Quarantined, [628faa7bd8a387afc9318c71bd43cb35],
PUP.Optional.WeatherAlerts.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DesktopWeatherAlerts, Quarantined, [f4fd47deb0cb65d15406dc5f699b5fa1],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Fortunitas, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\Fortunitas, Quarantined, [b73a9f86116ada5cac730665bb4703fd],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [777a7da80d6e1e182272cea1cc3639c7],
PUP.Optional.Fortunitas.A, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Fortunitas, Quarantined, [50a1e1441f5cae88d7473635d42e9b65],
Registry Values: 1
PUP.Optional.ConduitSearchProtect, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\bin\cltmng.exe, Quarantined, [b140d253611ace68e6e186f99f64fe02]
Registry Data: 3
Trojan.0Access, HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32, C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\n., Good: (fastprox.dll), Bad: (C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.),Replaced,[fbf65bca94e7ca6cd779ea27e51f5da3]
PUM.Hijack.StartMenu, HKU\S-1-5-21-2420282109-1773090242-3309790634-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[7b761d08afccb383c66d3dd2689cba46]
PUM.Hijack.StartMenu, HKU\S-1-5-21-2420282109-1773090242-3309790634-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[50a144e1f388d85e91a28e819e666898]
Folders: 17
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\TEMP, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch\1.4.0.0, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
Files: 82
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.exe, Delete-on-Reboot, [737eba6bee8df145ff1bab9aa06159a7],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\utilFortunitas.exe, Delete-on-Reboot, [d71ad74e077445f1a07ae16402ff9c64],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\FortunitasBHO.dll, Quarantined, [af4226ff641774c2b46553f24eb3827e],
PUP.Optional.DomalQ, C:\Documents and Settings\kenneth\My Documents\Downloads\Java.exe, Quarantined, [49a8c560cead1c1a43f473ca3ec20bf5],
PUP.Optional.Solimba, C:\Documents and Settings\kenneth\My Documents\Downloads\Setup.exe, Quarantined, [628faa7bd8a387afc9318c71bd43cb35],
HackTool.Agent, C:\Program Files\Twitter Marketing Bot.exe, Quarantined, [579ac1647209d363e221364204fc57a9],
PUP.Optional.Softonic.A, C:\Program Files\SoftonicDownloader_for_mobipocket-reader-desktop.exe, Quarantined, [a54c3ee7bdbe42f4165da3754ab77789],
PUP.Optional.InstallIQ.A, C:\Program Files\gimp_installer_2068.exe, Quarantined, [6c85b174ff7c092d19868f7fc8395da3],
PUP.Optional.Monetizer, C:\Documents and Settings\kenneth\Local Settings\Temp\jki140.tmp, Quarantined, [26cb70b5ee8d94a29f7247207988ad53],
Backdoor.Bot, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\android.exe, Quarantined, [7c7553d27b0022149d0e194b33ce857b],
PUP.Optional.WeatherAlerts.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\DesktopWeatherAlertsSetup.exe, Quarantined, [c52cc65f5229e35306541427be464ab6],
PUP.Optional.Fortunitas.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\FortunitasSetup.exe, Quarantined, [9a57012499e2e155d705767621e24eb2],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\tugs_key-find.exe, Quarantined, [07ea0322512a95a1acfb3d119170a759],
PUP.Optional.SilenceInstall, C:\Documents and Settings\kenneth\Local Settings\Temp\e1524b6e-1d63-4fe8-86d8-712b2ef6604d\software\VOPackage.exe, Quarantined, [8071998c403b41f5428ced4dfa067789],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\fullpackage_temp1396234924\alilog.dll, Quarantined, [37baa87d0972b185f41fc66c1be542be],
PUP.Optional.SkyTech.A, C:\Documents and Settings\kenneth\Local Settings\Temp\fullpackage_temp1396234924\package1.zip, Quarantined, [11e01f06aecd072fe72c75bd7090b050],
Backdoor.Bot, C:\Documents and Settings\kenneth\Local Settings\Temp\android\android.exe, Quarantined, [af420e17b0cb3afce1ca0e56649dc33d],
PUP.Optional.WeatherAlerts.A, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsuninstall.exe, Quarantined, [f4fd47deb0cb65d15406dc5f699b5fa1],
PUP.Optional.QuickStart.A, C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [14ddce5763180135fb51f36b41c10af6],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\Fortunitas.ico, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\7za.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\FortunitasUninstall.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\updateFortunitas.InstallState, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\7za.exe, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\BrowserAdapterS.7z, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\FilterApp_C.exe, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLS.dll, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\XTLSApp.exe, Delete-on-Reboot, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.Bromon.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.BrowserAdapterS.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.CompatibilityChecker.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.FFUpdate.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.IEUpdate.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.Fortunitas.A, C:\Program Files\Fortunitas\bin\plugins\Fortunitas.PurBrowseG.dll, Quarantined, [e50c53d222593df90e0fdd8e5ea45ba5],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk, Quarantined, [d918899c4338ad89a2ab204b1ee409f7],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Weather Alerts.lnk, Quarantined, [10e1cf565c1fe155113d73f828da867a],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\nsprotector.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\abstraction.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\application.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\popupTransparent.xul, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.SearchProtect.A, C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png, Quarantined, [a74a869f25568babd3f3176aa85be11f],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_2eymnc5l1vm4ey5z1beasywuj0cfb4ch\1.4.0.0\user.config, Quarantined, [c72a9e87f6850630f8a1b99c08fa6d93],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp0.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsBrowser.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsK.dat.U.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsU.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\uninstall.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WAUpdater.exe, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WAUpdater.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe, Delete-on-Reboot, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe.config, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.0.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.1.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.2.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\3711.3.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330230343.790\mergetree, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.2.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.3.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.4.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
PUP.Optional.WeatherAlerts, C:\Documents and Settings\kenneth\Local Settings\Application Data\WeatherAlerts\0330231138\3711.5.tmp, Quarantined, [668ba085e2995adccfcb5203d2305ca4],
Physical Sectors: 0
(No malicious items detected)
(end)
I was headed to work and closed it without saving it. I came home and search the software to copy it. It's above!
-
OTL.Txt log
OTL logfile created on: 4/4/2014 1:15:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\kenneth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.23 Mb Total Physical Memory | 341.27 Mb Available Physical Memory | 33.62% Memory free
2.38 Gb Paging File | 1.80 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 101.01 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
Computer Name: PC801713467250 | User Name: kenneth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\kenneth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - c:\Documents and Settings\kenneth\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcloorr.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\14040301\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RTS5121.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.SYS File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (tStLibG) -- C:\WINDOWS\system32\drivers\tStLibG.sys (StdLib)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
DRV - (SysCow) -- C:\WINDOWS\system32\drivers\syscow32x.sys (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (Cam3820) -- C:\WINDOWS\system32\drivers\cam3820a.sys (CamVendor)
DRV - (SaibVd32) -- C:\WINDOWS\system32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\WINDOWS\system32\drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\WINDOWS\system32\drivers\SaibIa32.sys (Sonic Solutions)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.key-find.com/web/?type=ds&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=...S18PJDNSA10144
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\SearchScopes\{E04D8C24-22C9-424C-90F9-0FA9DFB1C771}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enUS358
IE - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 00:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/03 14:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/03 14:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/03 14:56:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net: C:\Program Files\LyricsSpeaker\120.xpi
[2012/05/07 15:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Extensions
[2014/04/03 01:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/07 15:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis
[2009/03/18 16:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\kenneth\Application Data\Mozilla\Firefox\Profiles\ytasw4hq.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2013/07/31 09:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{EC966AAA-1510-4C02-8EB0-B42AD0C25E8B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KENNETH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YTASW4HQ.DEFAULT\EXTENSIONS\QUICK_START@GMAIL.COM
[2014/04/01 00:32:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/12/05 05:47:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2014/02/03 14:55:23 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2014/03/30 23:04:11 | 000,000,551 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\key-find.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://att.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2008/04/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auction Auto Bidder] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\kenneth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\xenwuj.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2420282109-1773090242-3309790634-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4397C3C-4801-45DB-97C8-078873CCB5F1}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/04 00:48:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/03 12:28:58 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/03 12:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/03 12:28:02 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 12:28:01 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/03 12:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/03 12:16:14 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\kenneth\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/03 01:56:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/03 01:53:32 | 001,038,974 | ---- | C] (Thisisu) -- C:\Documents and Settings\kenneth\Desktop\JRT.exe
[2014/04/03 01:29:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/02 10:55:41 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\kenneth\Desktop\aswMBR.exe
[2014/04/02 10:46:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\kenneth\Desktop\dds.scr
[2014/04/02 10:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014/04/02 10:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/04/02 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/04/01 01:02:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kenneth\My Documents\Dropbox
[2014/04/01 00:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
[2014/04/01 00:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/04/01 00:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Dropbox
[2014/04/01 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
[2014/04/01 00:32:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/30 23:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Application Data\key-find
[2014/03/30 23:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kenneth\Start Menu\Programs\Weather Alerts
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/18 06:43:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/12 00:55:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/03/12 00:55:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/03/12 00:55:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/03/12 00:55:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/03/12 00:55:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/03/12 00:55:49 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/03/12 00:55:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/03/12 00:55:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/03/12 00:55:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/03/12 00:55:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/03/12 00:55:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/03/12 00:55:47 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/03/12 00:55:47 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/03/12 00:55:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/03/12 00:55:46 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/03/12 00:55:45 | 006,022,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/03/12 00:55:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/03/12 00:55:44 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/03/12 00:55:43 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/03/12 00:55:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/12 09:18:55 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2012/08/24 01:47:33 | 026,822,384 | ---- | C] (Intuit) -- C:\Program Files\QuickBooksInstallDiagnosticTool.exe
[2012/08/09 01:32:18 | 006,785,285 | ---- | C] (KompoZer ) -- C:\Program Files\kompozer-0.8b3.en-US.win32.exe
[2012/07/24 02:49:15 | 052,249,417 | ---- | C] (www.AuctionListingCreator.com ) -- C:\Program Files\ListingFactory_2012_Setup.exe
[2012/07/10 12:39:18 | 001,982,061 | ---- | C] (Auctonic) -- C:\Program Files\Auctonic.exe
[2012/07/05 01:19:48 | 000,813,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2012/05/10 02:39:47 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2012/05/10 01:28:54 | 001,810,833 | ---- | C] (BrainWave) -- C:\Program Files\HCP.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/04 01:26:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\ADOBE FLASH PLAYER UPDATER.JOB
[2014/04/04 01:19:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/04/04 01:00:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINEUA.JOB
[2014/04/04 00:56:44 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 00:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kenneth\Desktop\OTL.exe
[2014/04/04 00:42:01 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/04 00:37:32 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:37:28 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:37:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADELOGONTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/04/04 00:35:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GOOGLEUPDATETASKMACHINECORE.JOB
[2014/04/04 00:34:59 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/04 00:34:59 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/04/04 00:34:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/04 00:34:12 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/03 13:54:14 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/03 12:28:16 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 12:19:57 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\kenneth\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/03 01:53:39 | 001,038,974 | ---- | M] (Thisisu) -- C:\Documents and Settings\kenneth\Desktop\JRT.exe
[2014/04/03 01:19:51 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
[2014/04/02 11:10:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\MBR.dat
[2014/04/02 10:56:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\kenneth\Desktop\aswMBR.exe
[2014/04/02 10:46:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\kenneth\Desktop\dds.scr
[2014/04/02 10:39:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:39:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\NTREGOPT.lnk
[2014/04/02 10:39:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\ERUNT.lnk
[2014/04/02 10:31:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\DTReg.job
[2014/04/01 10:51:37 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 10:50:19 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/04/01 00:42:18 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/01 00:32:49 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/01 00:32:49 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/01 00:32:48 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/01 00:32:48 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/01 00:32:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/04/01 00:32:47 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/01 00:32:46 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/01 00:32:45 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/01 00:32:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/01 00:09:40 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/30 23:13:14 | 000,506,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/30 23:13:14 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/30 23:04:53 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/30 23:04:50 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/30 23:04:12 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/25 12:38:13 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/24 12:01:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\REALUPGRADESCHEDULEDTASKS-1-5-21-2420282109-1773090242-3309790634-1007.JOB
[2014/03/18 13:52:32 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 07:29:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/12 07:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/12 07:25:25 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 03:07:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/05 09:26:10 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/05 09:26:02 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/03 12:28:16 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 01:19:42 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\AdwCleaner.exe
[2014/04/02 11:10:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\MBR.dat
[2014/04/02 10:39:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/04/02 10:39:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\NTREGOPT.lnk
[2014/04/02 10:39:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\ERUNT.lnk
[2014/04/02 10:19:13 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/04/01 10:51:36 | 000,001,032 | ---- | C] () -- C:\Documents and Settings\kenneth\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/01 01:02:31 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\kenneth\Desktop\Dropbox.lnk
[2014/03/31 23:38:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2014/03/31 23:38:22 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2420282109-1773090242-3309790634-1007.job
[2014/03/18 11:59:39 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\MICROSOFT WINDOWS XP END OF SERVICE NOTIFICATION LOGON.JOB
[2014/03/18 11:59:39 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2013/06/20 03:20:35 | 012,570,054 | ---- | C] () -- C:\Program Files\hifsetup.zip
[2013/05/16 09:47:33 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/16 09:47:33 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/16 09:03:43 | 117,478,104 | ---- | C] () -- C:\Program Files\avast_free_antivirus_setup.exe
[2013/05/15 00:16:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/04 11:08:25 | 000,411,003 | ---- | C] ( ) -- C:\Program Files\PinBot-v1-3-Setup.exe
[2013/04/19 13:11:31 | 150,064,088 | ---- | C] () -- C:\Program Files\AFM Tutorial_Videos.zip
[2013/04/19 12:07:05 | 004,790,449 | ---- | C] () -- C:\Program Files\afm_v2_06.zip
[2013/04/16 02:58:50 | 001,271,683 | ---- | C] () -- C:\Program Files\inbox-profits.zip
[2013/04/15 01:48:21 | 000,474,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2420282109-1773090242-3309790634-1007-0.dat
[2013/04/15 01:31:24 | 050,947,546 | ---- | C] () -- C:\Program Files\Free_PLR_Products-dkas.zip
[2013/04/15 00:56:37 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to afm.lnk
[2013/04/14 17:30:56 | 086,167,160 | ---- | C] () -- C:\Program Files\PLR_Facebook_Fans_Stampede.zip
[2013/04/14 16:39:47 | 004,764,001 | ---- | C] () -- C:\Program Files\afm.zip
[2013/04/12 17:18:39 | 000,045,814 | ---- | C] () -- C:\Program Files\extension_1_0_5.crx
[2013/04/11 11:52:55 | 009,593,826 | ---- | C] () -- C:\Program Files\eBay_Social_Selling_Best_Practices[1].pdf
[2013/03/23 08:57:34 | 336,558,358 | ---- | C] () -- C:\Program Files\FanPage Store Generator.zip
[2013/03/22 18:59:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/02/17 14:57:54 | 000,111,115 | ---- | C] () -- C:\Program Files\STF_2013-02-17_1361127423957 GA 2012 return.pdf
[2013/02/17 14:56:08 | 000,164,764 | ---- | C] () -- C:\Program Files\FTF_2013-02-17_1361127298608 Fed 2012 return.pdf
[2013/02/17 14:53:23 | 000,024,649 | ---- | C] () -- C:\Program Files\2012 Ga refund.pdf
[2013/01/25 11:36:58 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\fusioncache.dat
[2012/12/13 03:36:13 | 000,361,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/14 01:49:14 | 000,246,364 | ---- | C] () -- C:\Program Files\2freechapters-silentsalesmachine-dot-com[1].pdf
[2012/08/24 11:56:00 | 000,012,314 | ---- | C] () -- C:\Documents and Settings\kenneth\.recently-used.xbel
[2012/08/15 01:55:26 | 000,016,839 | ---- | C] () -- C:\Program Files\Autograph Ebook cover 3.jpg
[2012/07/23 13:43:24 | 003,762,328 | ---- | C] () -- C:\Program Files\InternetBusinessBasics.zip
[2012/07/23 13:36:17 | 005,227,079 | ---- | C] () -- C:\Program Files\InternetMarketingFromA-Z.zip
[2012/07/23 11:02:34 | 000,609,436 | ---- | C] () -- C:\Program Files\spelloe_setup.exe
[2012/07/19 13:46:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012/07/19 13:46:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012/07/19 13:46:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/07/06 13:36:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\kenneth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 03:08:19 | 000,008,983 | ---- | C] () -- C:\Program Files\ETSY 089.jpg
[2012/07/06 03:08:18 | 000,061,506 | ---- | C] () -- C:\Program Files\ETSY 051.jpg
[2012/07/06 02:15:36 | 000,020,224 | ---- | C] () -- C:\Program Files\Green.jpg
[2012/07/06 01:45:58 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\kenneth\.gtk-bookmarks
[2012/07/05 12:00:34 | 018,117,717 | ---- | C] () -- C:\Program Files\GimPhoto-1.4.3_setup.exe
[2012/06/22 00:11:39 | 010,606,592 | ---- | C] () -- C:\Program Files\creator.msi
[2012/05/31 12:35:38 | 000,264,025 | ---- | C] () -- C:\Program Files\Cabinet-Repair-Vol-1-PDF.pdf
[2012/05/28 09:43:11 | 000,013,990 | ---- | C] () -- C:\Program Files\Turbo lister problems.csv
[2012/05/10 02:52:41 | 151,801,119 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
[2012/05/10 01:20:47 | 005,433,105 | ---- | C] () -- C:\Program Files\hifsetup.exe
[2012/05/10 01:13:47 | 007,589,922 | ---- | C] () -- C:\Program Files\kop-setup.zip
[2012/05/09 09:43:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\kenneth\Application Data\wklnhst.dat
[2012/05/07 16:08:40 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/05/07 14:02:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/05/01 19:21:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/15 01:53:42 | 006,624,351 | ---- | C] () -- C:\Program Files\twitter-marketing-bot.mp4
[2011/01/15 01:53:42 | 000,039,391 | ---- | C] () -- C:\Program Files\TwitterMarketingBot.png
[2011/01/15 01:53:40 | 000,071,852 | ---- | C] () -- C:\Program Files\Twitter Marketing Bot.ubot
========== ZeroAccess Check ==========
[2013/05/07 00:57:36 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@
[2013/05/07 00:57:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L
[2013/05/17 08:04:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U
[2013/05/07 00:57:54 | 000,000,928 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@
[2009/08/24 12:33:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\n.
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/15 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/15 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/12/04 15:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AddOn
[2014/01/19 10:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/12/05 18:22:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
[2013/12/05 13:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2013/12/04 09:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/12/04 09:56:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/12/04 09:15:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJETV
[2013/12/04 13:33:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/12/04 14:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/05/01 19:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clearwire
[2012/12/13 09:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/08/24 13:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/24 13:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2014/01/19 10:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\AVAST Software
[2013/12/04 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Canon
[2013/12/05 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Canon Easy-WebPrint EX
[2012/07/19 13:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/04/04 00:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Dropbox
[2014/04/01 01:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\DropboxMaster
[2012/08/24 12:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\gtk-2.0
[2012/09/20 09:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\KDPublishingPro
[2014/03/30 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\key-find
[2012/08/09 01:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\kompozer.net
[2012/08/12 03:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Mobipocket
[2012/05/10 09:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\OpenOffice.org
[2012/05/09 09:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\Template
[2013/05/02 23:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\ubot
[2013/04/14 16:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kenneth\Application Data\UBot Studio
========== Purity Check ==========
< End of report >
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules