Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Babylon search

  • 19-10-2012 11:08PM
    #1
    jos28
    Registered Users, Registered Users 2 Posts: 7,263 ✭✭✭


    Has anyone managed to successfully remove this. It has attached itself to Firefox, Chrome and IE8. I spent all day following various sets of instructions on all the relevant forums and it still comes back. I have lost count of the efforts I have made to remove this. I just scanned with AdwCleaner , perhaps someone might be able to point me in the right direction from the AdwCleaner log below;
    AdwCleaner v2.005 - Logfile created 10/19/2012 at 23:01:47
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Jan - JAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jan\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\Jan\AppData\LocalLow\boost_interprocess

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Found : HKU\S-1-5-21-173732994-851493283-2612663853-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default-1350675334824 [Profil par défaut]
    File : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\1zaxbvg2.default-1350675334824\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116259&tt=031012_IKAN_4212_6&babsrc=HP_ss&mntrId=6e291701000000000000f67bcb81e1b7" ]
    Found [l.1857] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=116259&tt=031012_IKAN_4212_6&babsrc=HP_ss&mntrId=6e291701000000000000f67bcb81e1b7" ]

    *************************

    AdwCleaner[R1].txt - [24310 octets] - [19/10/2012 00:49:31]
    AdwCleaner[S1].txt - [19746 octets] - [19/10/2012 00:50:17]
    AdwCleaner[R2].txt - [3411 octets] - [19/10/2012 23:01:47]

    ########## EOF - C:\AdwCleaner[R2].txt - [3471 octets] ##########


«1

Comments

  • #2
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • #3
    jos28
    Registered Users, Registered Users 2 Posts: 7,263 ✭✭✭jos28


    Thanks ASJ,
    Here are the results
    OTL. Txt
    OTL logfile created on: 19/10/2012 23:14:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 55.43% Memory free
    5.73 Gb Paging File | 4.28 Gb Available in Paging File | 74.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.79 Gb Total Space | 142.82 Gb Free Space | 64.69% Space Free | Partition Type: NTFS

    Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/19 23:13:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Downloads\OTL.exe
    PRC - [2012/10/16 08:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Video Performer Manager\2.3.811.154\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe
    PRC - [2012/10/14 16:18:59 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/02/25 15:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/01/30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/07 01:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/04/15 19:55:02 | 001,449,984 | ---- | M] () -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/16 08:48:00 | 002,360,864 | ---- | M] () -- C:\ProgramData\Video Performer Manager\2.3.811.154\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe
    MOD - [2012/10/16 08:47:12 | 002,075,680 | ---- | M] () -- C:\ProgramData\Video Performer Manager\2.3.811.154\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll
    MOD - [2012/10/14 16:18:58 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/01/17 20:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
    SRV:64bit: - [2010/08/09 03:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2010/02/05 21:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/02/05 03:17:42 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
    SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/16 08:48:00 | 002,360,864 | ---- | M] () [Auto | Running] -- C:\ProgramData\Video Performer Manager\2.3.811.154\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe -- (Video Performer Manager)
    SRV - [2012/10/14 16:18:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 23:29:05 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 15:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
    SRV - [2010/01/30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2010/01/07 01:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/12/24 01:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/04/15 19:55:02 | 001,449,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe -- (SWAS_Core)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/07/31 11:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/07/31 11:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/12/22 02:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/12/18 04:38:54 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/12/17 18:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/11/26 22:15:12 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/11/06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/10/26 05:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/09/17 13:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2007/08/13 21:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/08/13 03:48:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&m=aspire_4820t&r=27361210t706l04e3z195t4531j258
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&m=aspire_4820t&r=27361210t706l04e3z195t4531j258
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&m=aspire_4820t&r=27361210t706l04e3z195t4531j258
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116259&tt=031012_IKAN_4212_6&babsrc=SP_ss&mntrId=6e291701000000000000f67bcb81e1b7
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enIE411IE414
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 15:37:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/10 23:36:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/04 15:17:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/12 12:06:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 16:18:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 16:18:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/10/26 20:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Extensions
    [2012/10/19 21:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\1zaxbvg2.default-1350675334824\Extensions
    [2012/10/19 00:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\4ovvmmr7.default\extensions
    [2012/10/19 00:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/14 16:18:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/10/14 16:18:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/14 16:18:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/14 16:18:55 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.ie/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ie/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: Skype Click to Call = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
    CHR - Extension: Gmail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/19 18:07:18 | 000,444,635 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 15270 more lines...
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D9FA42A-2A09-4D25-B4F3-CF7EA3AEEF14}: DhcpNameServer = 89.101.160.4 89.101.160.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FF82275-98FB-450A-8CD7-99BD35203189}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (c:\progra~3\videop~1\23811~1.154\{16cdf~1\videom~1.dll) - c:\ProgramData\Video Performer Manager\2.3.811.154\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\Shell - "" = AutoRun
    O33 - MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/19 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\SpeedMaxPc
    [2012/10/19 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\DriverCure
    [2012/10/19 22:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
    [2012/10/19 21:22:23 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/10/19 20:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/10/19 20:35:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Old Firefox Data-1
    [2012/10/19 17:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/10/19 17:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/19 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/10/19 17:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/10/19 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\PC Cleaners
    [2012/10/19 15:29:41 | 004,588,344 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
    [2012/10/19 15:29:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\PCPro
    [2012/10/19 15:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2012/10/19 00:51:29 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Old Firefox Data
    [2012/10/17 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
    [2012/10/17 23:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Video Performer Manager
    [2012/10/14 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/14 00:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\DDMSettings
    [2012/10/10 14:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/10/09 23:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/10/05 13:45:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jan\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/05 12:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\13C4
    [2012/10/01 20:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clip Extractor DB Toolbar Toolbar
    [2012/10/01 20:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Auto Updater
    [2012/10/01 20:04:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater
    [2012/10/01 20:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Updater
    [2011/07/04 20:54:14 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jan\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/10/19 22:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/19 22:38:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/19 22:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/19 21:33:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/19 21:33:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/19 21:26:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/19 21:26:10 | 2307,989,504 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/19 21:22:23 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/10/19 18:07:18 | 000,444,635 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/19 17:22:59 | 000,001,286 | ---- | M] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/19 17:22:59 | 000,001,262 | ---- | M] () -- C:\Users\Jan\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/19 15:29:02 | 004,588,344 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
    [2012/10/19 12:16:36 | 098,132,498 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/10/18 20:47:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/15 18:34:27 | 000,729,386 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/10/15 13:28:31 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/15 13:28:31 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/15 13:28:31 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/13 17:37:53 | 000,001,814 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\wklnhst.dat
    [2012/10/09 23:37:31 | 000,002,277 | ---- | M] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/10/08 20:02:19 | 000,006,144 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/05 13:45:41 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jan\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/03 19:05:16 | 000,482,065 | ---- | M] () -- C:\Users\Jan\Desktop\2012 09 25 Irish Times.jpg
    [2012/10/01 20:14:39 | 000,000,596 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/19 17:22:59 | 000,001,286 | ---- | C] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/19 17:22:59 | 000,001,262 | ---- | C] () -- C:\Users\Jan\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/09 23:37:31 | 000,002,277 | ---- | C] () -- C:\Users\Jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/10/05 15:03:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/03 19:05:15 | 000,482,065 | ---- | C] () -- C:\Users\Jan\Desktop\2012 09 25 Irish Times.jpg
    [2012/10/01 20:14:39 | 000,000,596 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
    [2011/11/04 22:21:31 | 000,017,032 | ---- | C] () -- C:\Users\Jan\.TransferManager.db
    [2011/07/04 20:54:14 | 000,099,384 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\inst.exe
    [2011/07/04 20:54:14 | 000,007,859 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\pcouffin.cat
    [2011/07/04 20:54:14 | 000,001,167 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\pcouffin.inf
    [2011/07/04 20:37:33 | 000,001,057 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\vso_ts_preview.xml
    [2011/06/03 20:15:46 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/01/12 23:10:10 | 000,001,814 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\wklnhst.dat
    [2010/12/27 19:53:55 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
    [2010/12/25 21:21:48 | 000,006,144 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/25 19:58:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/03/17 11:08:10 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/20 16:10:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\AVG2012
    [2011/12/15 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Barnes & Noble
    [2012/10/19 22:33:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DriverCure
    [2011/03/23 22:01:56 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\GARMIN
    [2011/07/04 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Leawo
    [2011/07/04 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Leawo Video2AVI v2
    [2011/07/04 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Moyea
    [2011/12/17 20:08:02 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\MusicNet
    [2012/10/19 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PC Cleaners
    [2012/10/19 15:29:47 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PCPro
    [2011/09/10 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Samsung
    [2012/08/26 19:31:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Smilebox
    [2012/10/19 22:33:28 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\SpeedMaxPc
    [2011/01/13 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Template
    [2011/07/04 20:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Vso
    [2011/06/03 20:11:13 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:1BDA6F7A
    @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:0A5BA9A0
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:C46995DA
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B9176C0
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57

    < End of report >

    Extras.Txt
    OTL Extras logfile created on: 19/10/2012 23:14:10 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 55.43% Memory free
    5.73 Gb Paging File | 4.28 Gb Available in Paging File | 74.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.79 Gb Total Space | 142.82 Gb Free Space | 64.69% Space Free | Partition Type: NTFS

    Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09FF7C61-1B3E-4A00-9721-85E8158695FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{13AAF387-5138-4ECF-ADD3-D87BD78226A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{148DA750-F66C-4B20-A3A7-0B75078F5A89}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{166F4E4D-8D08-48AB-A39A-3EEF0E774FCB}" = lport=445 | protocol=6 | dir=in | app=system |
    "{229139B1-4F55-4D8B-A395-7E5210B5B775}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2DD11B5B-835E-42BC-80AD-FDE5BF663246}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3539FAF4-BA5C-49DB-9EF8-436DAF5F1E1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3FA3224D-0542-4D7E-AD56-84457E313737}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{45F88EE6-D8FB-4563-8A96-454DFF12D853}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4DBC0427-195D-456D-BF5E-169196A8CC02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{54D7B701-2A11-424D-9EF2-516D976A3C12}" = lport=139 | protocol=6 | dir=in | app=system |
    "{61228E16-53DF-4AA9-BC85-650322D2DD09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6207BF70-BBE7-4F21-8CB3-DABDDF12C641}" = rport=137 | protocol=17 | dir=out | app=system |
    "{676EF20C-3040-43CB-81E2-9326D1AC6B8D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{67EC8020-2A9A-4542-B38D-CDB9BCC5DF1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7B04DEE6-DBC1-4F3D-99F1-A527FA3F4B0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{810CB22F-0260-45ED-A3E2-8C20D5FF17DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{88182D44-517C-4C20-8378-1C98F4DAA736}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{901C7E4C-D345-4676-B3E8-40B30BC010F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9665C600-215F-43B8-A3C6-8D927F52E6AE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{9AD3BCB5-EE60-4148-9745-DF623A05AE3A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A677C67F-38DA-4188-98D2-DDD8DEF99D8F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AFF73ED4-E57C-4CAF-B9EB-FE3071CA9599}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B9C84044-9B70-4522-AAE9-35BAF709F860}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BE21C196-FE46-4394-B246-8F2E4DE4FCA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{C78E273D-92B8-4BB7-AE82-51EA9B7CDCCA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{C9A6B195-9A7E-4574-A405-080F46812FDA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D682F17B-BB4B-4474-90BA-A177D4B7787C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E1D6C8E3-407A-4A99-9785-45E3121FB503}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{016184E5-DF50-4F1C-B707-C3C8BF1B2D03}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{0A14A7C4-0FB5-4379-A12A-4926FAE435DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0A6447C3-A772-4053-B962-80E8EF5DD688}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{0BC1F31A-57DC-4FDD-8E3F-3328BFFFDC47}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{0CBAF06B-9EF9-4734-940A-08F8B9492D71}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{0F5EB390-7B6B-44E5-959F-A49E0D83E006}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{11E1709B-E0E3-4253-BF79-F2DCAB9D3C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1262474D-1A01-4DA2-985F-9E0D6CCD1054}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1457E146-22E7-42A2-8AA0-FFD050655A45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{1465CA4E-6617-422E-B49D-133ADE907E17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1A3DE8D8-EBA4-497D-B571-543CF2ADEC54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1C44ECD1-D6D6-40F0-B948-88FD330100B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{22360843-9C50-4A9F-82C4-E38540724E56}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{28934A01-8652-477D-A9FF-6D2701EB663C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{29CFB539-FF85-4804-AE3C-6FF1891102C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{2A61E7E0-C748-4E92-92B8-8A756746FFF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{37C851E7-6F03-4360-97AA-15D6B92CE8B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3FD9C80F-8494-4F22-85B8-512B892D6E90}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
    "{436EF0AB-8561-4F4C-9E70-FEE8C0EDA206}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{44BDCA7A-A476-467B-9846-7E23B0BC9D92}" = protocol=17 | dir=in | app=c:\program files (x86)\


  • #4
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    i too would love to know how to get rid of the babalyon search its a right PITA


  • #5
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    jos28 do this

    open OTL copy and paste this in the custom scan/fixes box


    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...00f67bcb81e1b7
    O33 - MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\Shell - "" = AutoRun
    O33 - MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix post the log it gives.


    spannermonkey do this

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • #6
    jos28
    Registered Users, Registered Users 2 Posts: 7,263 ✭✭✭jos28


    ASJ thank you so much for all your help. I followed your instructions and here is the result:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{077caa8b-1429-11e0-8eb4-c80aa9344da1}\ not found.
    File F:\LaunchU3.exe -a not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jan
    ->Temp folder emptied: 11914378 bytes
    ->Temporary Internet Files folder emptied: 1604391 bytes
    ->Java cache emptied: 4462218 bytes
    ->Google Chrome cache emptied: 28978097 bytes
    ->Flash cache emptied: 41999 bytes

    User: Niall
    ->Temp folder emptied: 34154 bytes
    ->Temporary Internet Files folder emptied: 173798 bytes
    ->Flash cache emptied: 75 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 736418 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84659 bytes
    RecycleBin emptied: 4562997661 bytes

    Total Files Cleaned = 4,397.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jan
    ->Flash cache emptied: 0 bytes

    User: Niall
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jan
    ->Java cache emptied: 0 bytes

    User: Niall

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jan\Downloads\cmd.bat deleted successfully.
    C:\Users\Jan\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 10222012_165432

    Files\Folders moved on Reboot...
    C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Advertisement
  • #7
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    any traces of babylon left ?


  • #8
    jos28
    Registered Users, Registered Users 2 Posts: 7,263 ✭✭✭jos28


    Not a trace ASJ :D
    I have no idea what you did but it worked. I have used Firefox, Chrome and IE and no Babylon !! There are hundreds of 'fixes' online and none of them worked. I spent hours trying to get rid of it without luck. THANK YOU !!


  • #9
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    That's why I'm here ;)


  • #10
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    OTL logfile created on: 24/10/2012 00:45:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    15.96 Gb Total Physical Memory | 11.56 Gb Available Physical Memory | 72.46% Memory free
    31.91 Gb Paging File | 27.81 Gb Available in Paging File | 87.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 36.85 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 907.19 Gb Free Space | 97.39% Space Free | Partition Type: NTFS

    Computer Name: COSMOS_II | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/24 00:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
    PRC - [2012/10/23 23:50:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2012/10/22 23:20:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/10/22 22:13:05 | 003,341,464 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
    PRC - [2012/10/22 21:53:36 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/10/22 21:53:36 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/08/04 01:26:56 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam1\Steam.exe
    PRC - [2012/06/21 17:07:06 | 003,825,152 | ---- | M] (SourceForge.net) -- C:\Program Files (x86)\Password Safe\pwsafe.exe
    PRC - [2012/06/07 19:33:22 | 000,421,776 | ---- | M] (Apple Inc.) -- E:\New folder (3)\iTunesHelper.exe
    PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    PRC - [2012/05/09 11:13:40 | 000,887,712 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
    PRC - [2012/02/08 14:05:50 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- E:\ASUS Z77 Sabertooth\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
    PRC - [2012/02/08 05:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe
    PRC - [2012/02/02 15:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- E:\ASUS Z77 Sabertooth\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
    PRC - [2012/02/02 10:56:35 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
    PRC - [2011/12/30 18:42:50 | 001,153,664 | ---- | M] (ASUSTeK Computer Inc.) -- E:\ASUS Z77 Sabertooth\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    PRC - [2011/10/31 09:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    PRC - [2011/10/29 02:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
    PRC - [2011/05/12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
    PRC - [2011/04/25 11:00:22 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
    PRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Users\Dave\Desktop\AI Suite II\AsRoutineController.exe
    PRC - [2010/10/21 10:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/22 21:53:36 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/10/22 21:53:36 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
    MOD - [2012/10/22 21:53:36 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
    MOD - [2012/10/10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012/10/10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012/10/10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012/10/10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012/10/10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012/10/10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2012/10/04 22:37:03 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam1\bin\libcef.dll
    MOD - [2012/10/04 22:37:03 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam1\bin\chromehtml.dll
    MOD - [2012/10/04 22:37:02 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam1\bin\avcodec-53.dll
    MOD - [2012/10/04 22:37:02 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam1\bin\avformat-53.dll
    MOD - [2012/10/04 22:37:02 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam1\bin\avutil-51.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/02/02 15:12:48 | 000,786,432 | ---- | M] () -- E:\ASUS Z77 Sabertooth\AI Suite II\Network iControl\NetSvcHelp\func.dll
    MOD - [2012/01/20 10:17:16 | 000,150,528 | ---- | M] () -- E:\ASUS Z77 Sabertooth\AI Suite II\Network iControl\NetSvcHelp\gep.dll
    MOD - [2011/04/19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll
    MOD - [2010/10/05 08:22:50 | 000,253,952 | ---- | M] () -- E:\ASUS Z77 Sabertooth\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
    MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/09/27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/10/23 23:50:50 | 000,281,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2012/10/22 23:20:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/10/22 21:53:36 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/10/09 02:43:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
    SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/05 19:04:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/02/08 05:37:27 | 001,492,912 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe -- (AsusFanControlService)
    SRV - [2012/02/02 10:56:35 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
    SRV - [2011/10/29 02:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
    SRV - [2011/05/27 11:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2011/04/25 11:00:22 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2011/04/25 11:00:20 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
    SRV - [2010/10/21 10:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/22 21:53:36 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/09/02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/08/12 11:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
    DRV:64bit: - [2011/07/27 18:13:06 | 001,631,808 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2011/05/12 16:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/08/17 18:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
    DRV:64bit: - [2010/02/23 07:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
    DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 21 5A 9B 6C AE CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&mid=3fd9ba3f129d47d0914b4c45656382ae-f497effae0e67f5ef6e8a57f23ca56bb2c0ce819&lang=en&ds=AVG&pr=pr&d=2012-10-22 21:53:40&v=13.2.0.3&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{AB84B8DB-FA96-450D-854C-9716056CE2F3}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520&quot;
    FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:10.10.27.6
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&mid=3fd9ba3f129d47d0914b4c45656382ae-f497effae0e67f5ef6e8a57f23ca56bb2c0ce819&lang=en&ds=AVG&pr=pr&d=2012-10-22 21:53:40&v=13.2.0.3&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\New folder (3)\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.3 [2012/10/22 21:53:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/10 03:11:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/07/10 03:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
    [2012/09/10 01:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\extensions
    [2012/09/10 01:35:21 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2012/07/10 03:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/22 21:53:37 | 000,003,741 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&mid=3fd9ba3f129d47d0914b4c45656382ae-f497effae0e67f5ef6e8a57f23ca56bb2c0ce819&lang=en&ds=AVG&pr=pr&d=2012-10-22 21:53:40&v=13.2.0.3&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - homepage: http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: CutePDF Editor Toolbar = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandfbcihcbimjeehajifhciaocmbi\7.15.4.23955_0\
    CHR - Extension: Angry Birds = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Better Battlelog (BBLog) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\2.6.0_0\
    CHR - Extension: AdBlock = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: Battlefield Heroes = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.140.0_0\
    CHR - Extension: BattlelogPlus = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphojmgkbcmdjpaepolkjeienkacpjpi\1.38_0\
    CHR - Extension: AVG Secure Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.3_0\
    CHR - Extension: Vuze Remote = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\
    CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
    O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
    O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [iTunesHelper] E:\New folder (3)\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam1\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D49D01-9793-4BCA-9570-83933D795805}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/24 00:42:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\My Safes
    [2012/10/23 00:30:20 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\PasswordSafe
    [2012/10/23 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
    [2012/10/23 00:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
    [2012/10/22 23:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™ Warfighter
    [2012/10/22 22:13:10 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Origin
    [2012/10/22 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    [2012/10/22 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\AVG2013
    [2012/10/22 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\AVG Secure Search
    [2012/10/22 21:53:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
    [2012/10/22 21:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/22 21:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/10/22 21:53:39 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/10/22 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/10/22 21:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/10/22 21:52:58 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/10/22 21:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/10/22 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/10/22 21:27:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/10/22 21:27:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\MFAData
    [2012/10/22 21:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/10/22 21:27:34 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Avg2013
    [2012/10/22 21:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/22 21:20:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/21 15:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/10/21 15:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/21 15:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/10/21 13:39:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
    [2012/10/21 13:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/21 13:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/18 17:17:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/10/18 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/10/18 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/10/15 01:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/10/15 01:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/10/15 01:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/02 13:03:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\My Games
    [2012/10/02 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\My Games
    [2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/10/24 00:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/24 00:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049699982-200942821-3356349951-1000UA.job
    [2012/10/23 23:50:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2012/10/23 23:50:50 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/10/23 23:49:42 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/10/23 21:58:31 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/23 21:58:31 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/23 21:58:31 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/23 21:57:09 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 21:57:09 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 21:49:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/23 21:49:46 | 4259,749,886 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/23 00:05:14 | 000,001,072 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
    [2012/10/23 00:05:14 | 000,001,030 | ---- | M] () -- C:\Users\Dave\Desktop\Password Safe.lnk
    [2012/10/22 23:21:01 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
    [2012/10/22 23:20:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/10/22 22:00:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
    [2012/10/22 21:53:43 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 21:53:36 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/10/22 21:20:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/22 21:10:02 | 000,829,039 | ---- | M] () -- C:\Users\Dave\AppData\Local\census.cache
    [2012/10/22 21:10:01 | 000,089,833 | ---- | M] () -- C:\Users\Dave\AppData\Local\ars.cache
    [2012/10/21 15:48:55 | 000,001,282 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/21 15:48:55 | 000,001,258 | ---- | M] () -- C:\Users\Dave\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/21 15:27:03 | 000,000,000 | -H-- | M] () -- C:\Users\Dave\Documents\Default.rdp
    [2012/10/21 15:12:21 | 000,000,036 | ---- | M] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
    [2012/10/21 14:31:46 | 000,025,097 | ---- | M] () -- C:\Users\Dave\Desktop\1d72fa265257551ef736808ab4c9dc23.png
    [2012/10/21 01:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3049699982-200942821-3356349951-1000Core.job
    [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012/10/04 21:14:40 | 000,000,229 | ---- | M] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V (DirectX 11).url
    [2012/10/02 23:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2012/10/02 20:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012/10/02 04:16:07 | 000,000,222 | ---- | M] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V SDK.url
    [2012/10/02 04:16:07 | 000,000,221 | ---- | M] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V.url
    [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012/09/30 13:06:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/23 00:05:14 | 000,001,072 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
    [2012/10/23 00:05:14 | 000,001,030 | ---- | C] () -- C:\Users\Dave\Desktop\Password Safe.lnk
    [2012/10/22 23:21:01 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
    [2012/10/22 22:00:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
    [2012/10/22 21:53:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 21:20:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/21 15:48:55 | 000,001,282 | ---- | C] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/21 15:48:55 | 000,001,258 | ---- | C] () -- C:\Users\Dave\Desktop\Spybot - Search & Destroy.lnk
    [2012/10/21 15:27:03 | 000,000,000 | -H-- | C] () -- C:\Users\Dave\Documents\Default.rdp
    [2012/10/21 15:19:24 | 000,829,039 | ---- | C] () -- C:\Users\Dave\AppData\Local\census.cache
    [2012/10/21 15:19:18 | 000,089,833 | ---- | C] () -- C:\Users\Dave\AppData\Local\ars.cache
    [2012/10/21 15:12:21 | 000,000,036 | ---- | C] () -- C:\Users\Dave\AppData\Local\housecall.guid.cache
    [2012/10/21 14:31:46 | 000,025,097 | ---- | C] () -- C:\Users\Dave\Desktop\1d72fa265257551ef736808ab4c9dc23.png
    [2012/10/15 01:30:16 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012/10/04 21:14:40 | 000,000,229 | ---- | C] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V (DirectX 11).url
    [2012/10/02 04:16:07 | 000,000,222 | ---- | C] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V SDK.url
    [2012/10/02 04:16:07 | 000,000,221 | ---- | C] () -- C:\Users\Dave\Desktop\Sid Meier's Civilization V.url
    [2012/09/23 16:58:42 | 000,188,968 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/06/09 00:52:28 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
    [2012/06/09 00:52:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
    [2012/06/09 00:52:28 | 000,047,383 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
    [2012/06/09 00:52:28 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
    [2012/06/09 00:30:03 | 000,001,022 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
    [2012/06/09 00:30:01 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
    [2012/06/09 00:30:01 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
    [2012/06/03 20:26:39 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
    [2012/06/03 20:21:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/06/03 20:21:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/06/03 20:16:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/06/03 20:16:34 | 000,037,083 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/06/02 03:28:32 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/06/02 03:28:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/06/02 01:33:14 | 000,738,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/02 01:01:58 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2012/06/02 01:01:16 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
    [2012/06/02 01:01:15 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
    [2012/06/01 06:14:01 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/01/17 11:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/06/09 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\ASUS
    [2012/10/22 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013
    [2012/10/14 22:37:48 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Azureus
    [2012/06/12 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Leadertech
    [2012/09/18 00:49:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mumble
    [2012/10/22 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Origin
    [2012/08/11 21:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\six-updater
    [2012/07/28 23:40:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\six-zsync
    [2012/07/03 03:43:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\The Creative Assembly
    [2012/10/24 00:40:52 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TS3Client
    [2012/09/11 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\ts3overlay
    [2012/10/22 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
    [2012/07/07 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Ubisoft

    ========== Purity Check ==========



    < End of report >


  • #11
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    OTL Extras logfile created on: 24/10/2012 00:45:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    15.96 Gb Total Physical Memory | 11.56 Gb Available Physical Memory | 72.46% Memory free
    31.91 Gb Paging File | 27.81 Gb Available in Paging File | 87.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 238.37 Gb Total Space | 36.85 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 907.19 Gb Free Space | 97.39% Space Free | Partition Type: NTFS

    Computer Name: COSMOS_II | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D34FE6-7AF9-49EE-92FF-D43617B14B14}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{18357EC6-7450-4099-8932-FE341E13F5B9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1D78C232-6865-4FC0-A41E-5C4EC450FB3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2C396601-122A-460C-A7AE-FE3769F72AA5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{2C89938E-C3F7-4342-B809-2DA865124356}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2E0B47E3-52DD-4CF0-B1C5-D5AF18AD30FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{35DEA21B-4382-4D29-805C-92F7437165DB}" = lport=137 | protocol=17 | dir=in | app=system |
    "{360731CA-A970-4745-B152-A2DF31C40798}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3C76983B-00D6-44BC-B2CB-9CA416DB4FFF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{5801A592-C6A3-43B9-9AA4-05951DA5BF29}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6F2C64B0-E699-4637-8F42-BDF8CFA25A47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{70CCBEBE-B16D-44A5-BA9F-BB020FCEE0D6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{79D4EA97-8B3D-422A-A422-8E9BEA445486}" = rport=445 | protocol=6 | dir=out | app=system |
    "{7BEE7835-A578-4E77-8094-607B4E69E88C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8851A2C8-BC0F-414F-94E4-326535965F01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8D1DA15D-A099-4C85-8117-0745E276CCE2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9BCD0EF1-8B46-4CD5-890D-DD7544715CAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A4202096-1527-40A2-8827-7B170D17AFF8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4D2B3C5-F4A3-49B3-BED8-E97AD61B9A49}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B76BAD6A-AFA7-4D52-A0D8-EB66EE198003}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D0C083D2-CAE4-41F6-A6C4-1B4357181989}" = lport=49201 | protocol=6 | dir=in | name=akamai netsession interface |
    "{DC4128B0-1572-49BD-88A7-F681CD3CB1DD}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E5C0DA1E-B643-4832-A240-4C0174A76401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F309047F-6DB8-447B-9A8C-A70AD0C03E71}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01BDA2D3-CB44-42BE-A11B-117EF92ADEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
    "{0ED9EB06-6C9D-4502-B95E-C8A3C00208D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
    "{12227462-8611-4931-A1AC-2159E365246E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
    "{14258F74-BFBD-4804-AE94-22AB1C531EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
    "{14629865-C72A-446D-AE7D-5AF5E66934D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{16C727B8-24A6-44F8-9E6C-D9DAE2627416}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
    "{18A5CBB9-D5F8-45CD-A4E8-3EE9D8F15793}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{1C74D163-FF97-47D6-8D6D-1EE9786E4732}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{1C883219-BB82-46D3-BD71-FD0EC15F8FCB}" = protocol=6 | dir=out | app=system |
    "{1DDEDDFB-436F-4E47-9CF4-AF0B47C4F914}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{21BAB3DB-9ACB-4341-AC06-0FE951A23D9A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{2B58DFD5-24E2-41B4-9515-1CBFA1090C87}" = protocol=17 | dir=in | app=e:\asus z77 sabertooth\ai suite ii\ai suite ii.exe |
    "{35E45F9F-5F2C-450A-971A-8E0F5C27A15D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{393492F9-5921-4DF2-A14F-9B300A277872}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{39DAB986-3F4E-4E5F-AD07-0E3F2177E031}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{40821A31-82F1-481A-91A5-C709994C4FBA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{48D80EBA-1EA0-4DA4-8291-4B3DC7CE1AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\sid meier's civilization v\launcher.exe |
    "{4AAC2EB3-853D-49F4-AA30-B19C2871ABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4C3D10DA-1972-4C9F-B0C0-CA889ACCABE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{4C50D441-F3DE-419D-8916-2D8E8F86D23F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{579C2336-5442-43BD-B289-5AB96DA7D110}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5F2B2383-4B22-4D4A-A795-30CC92E6224F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6CBAA2B5-3DFF-4648-AA79-B275C16BBC58}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{6F5E3EC0-B5C9-43A1-B827-CA9AC7752752}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7268F3D3-A28D-4A15-BDC7-E3C5C1B2832D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\empire total war\empire.exe |
    "{73CA5CB3-86BC-4EF6-AF66-26293046FEF6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{73F57890-1687-46C4-B0E4-29100BAFDE03}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{743B3EC2-1A4C-4044-8DFB-1E3B853D0E56}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
    "{75C74FDB-3B48-4C4B-8FEF-506C11256B4C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
    "{761669EB-E053-4959-AE5B-E87B06203B08}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
    "{78C230C6-8BE7-4803-AFD7-AB7F76F00252}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7A224EC1-7B82-48EB-A6FB-0BBCAB2A550F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7B2C7401-1133-4FFD-869A-674D9B7DA888}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7DA14EA2-DE70-4C34-9686-CA3D3F243E52}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{8037A86C-1127-4026-8EA0-C634B314D0A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{834AE6B8-0657-4813-AA80-ECAB90532914}" = protocol=6 | dir=in | app=e:\asus z77 sabertooth\ai suite ii\ai suite ii.exe |
    "{83ACED5B-4A71-4E84-BB9D-35C5D11654D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\empire total war\empire.exe |
    "{86980206-00F2-46B0-B71E-009C388D57D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{888A9576-3A61-4397-915D-558D046837C2}" = dir=in | app=e:\new folder (3)\itunes.exe |
    "{89610B2A-548A-410C-AFE3-317E578EAF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steam.exe |
    "{89C89405-C56C-4294-9F12-0C5B80AE4AB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{91DBD61C-1563-452D-9EAD-3EDC3AF3F1A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9718C04F-A088-4402-90C1-53DE37DFE2B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{97B3D869-2699-492F-8F36-41D7987F6D69}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{99258694-C576-4011-ACEC-4456E029BF36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{99DFF1A5-D1BA-483E-8FDD-216C3FF5613B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\sid meier's civilization v\launcher.exe |
    "{9BCBCD58-8BE7-41BE-8DE8-D407EC936670}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
    "{9C22E292-F1CF-4844-ADF0-532348A67F69}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{9D45706A-887C-456C-A002-FF62F88F9842}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{9FF6DDF2-2A09-43A6-B141-6514FC8BF68B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{A0EC9B94-BD77-4823-A4C4-0A8540B08A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A8C6421D-A6E1-45DB-B4EF-B9F62651F0AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{B16BCC85-347B-4B50-AA05-35A7A02B5EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
    "{B1D5A437-06FF-47D3-8440-85E4C66B69E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
    "{B34FBC94-2261-4669-ACB7-4F0EE3875533}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{B35AB25E-1249-4753-A37C-468924D35836}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{B4714FE2-4F9A-4142-BF08-98B20B702ADE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B4CBA6BA-4E7B-46BB-BB40-B8059843D8F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B6E716E5-6DB0-426D-9376-452249ED2519}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B7DEF5C2-742B-418A-82B9-CF1406C64491}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{C30B64A6-ADFA-4A25-8EF6-9FE58CD17E97}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
    "{C4974542-C25D-4187-8FCD-6052E2DD914C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{CB673BD9-5E63-46A8-9E3C-10238EF462FC}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{CFBA8AD0-D5DF-41CC-BF63-510184AC4475}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
    "{CFEE27A7-9033-4271-BB49-5F9442D84A66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{D16C8ABE-16AA-4330-9E8D-B22437B903F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{DFE1BD22-E44A-44BF-B3BB-B67D8CA85A1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{E643E5E9-CF24-4975-A7B5-3F68A9AC5D46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E648FCEA-4081-4A98-A07D-1E3F7AFBDAE7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{EF4A0774-5978-4CC2-B3B6-B4A7E13F3F08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EFF97AF7-EACA-401C-B77C-927D3B2139EB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F9960B54-D6AA-4397-B2D5-90A855874C80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FFD01F8C-A1DA-4695-8801-A8D92B2CB771}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "TCP Query User{478D73B0-FFC1-4C21-83B4-9F3E6808145B}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
    "TCP Query User{47EEA9AA-4CE4-47AE-85E8-52DAA902588B}C:\program files (x86)\steam1\steamapps\davy_b\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam1\steamapps\davy_b\team fortress 2\hl2.exe |
    "TCP Query User{483A85FF-904F-490A-B1B3-50CB6FEE0AA0}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "TCP Query User{53146678-2BFA-4F78-902D-17CF08964811}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
    "TCP Query User{81A71B57-882C-44B1-9719-AABF507A17B7}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{DBCAB86A-2979-4EEF-8119-34DC65FA191C}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
    "UDP Query User{00BC0495-A5FE-480F-BC95-DDF8439EF066}C:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
    "UDP Query User{311D8302-A079-43BB-878B-7D241D686439}C:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\expansion\beta\arma2oa.exe |
    "UDP Query User{41688AC2-C2F3-417C-9735-CE208E387FBA}C:\program files (x86)\steam1\steamapps\davy_b\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam1\steamapps\davy_b\team fortress 2\hl2.exe |
    "UDP Query User{6A7D64DF-1E1E-486F-A800-07A455EB12E2}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{BE5186A1-745D-4661-B146-B491CC817C0A}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{FF848C1F-07A0-44F4-912C-F4C4742DFC1D}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{BD8411DB-FBD5-40C2-B797-464F92FD3AA9}" = AVG 2013
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "C-Media Oxygen HD Audio Driver" = ASUS Xonar Essence STX Audio Driver
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "sp6" = Logitech SetPoint 6.32
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Belkin N750 Dual Band Wireless USB Adapter
    "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
    "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}" = Razer BlackWidow Ultimate Firmware Updater
    "{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{E3AC9740-66D4-412F-AE55-DD0428F78175}" = Razer BlackWidow Ultimate
    "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FA6C04F0-DC19-49B7-8910-DA3DF4B8BC1D}" = DayZ Commander
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ArmA 2" = ArmA 2 Uninstall
    "Arma 2 Army of The Czech Republic (LITE)" = Arma 2 Army of The Czech Republic (LITE) Uninstall
    "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "ESN Sonar-0.70.4" = ESN Sonar
    "Fraps" = Fraps
    "GameSpy Arcade" = GameSpy Arcade
    "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenAL" = OpenAL
    "Origin" = Origin
    "Password Safe" = Password Safe
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "PunkBusterSvc" = PunkBuster Services
    "SpeedFan" = SpeedFan (remove only)
    "Steam App 10500" = Empire: Total War
    "Steam App 16830" = Sid Meier's Civilization V SDK
    "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
    "Steam App 8930" = Sid Meier's Civilization V
    "VLC media player" = VLC media player 2.0.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = CutePDF Editor Toolbar Updater
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 21/10/2012 09:42:58 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 21/10/2012 10:13:20 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 21/10/2012 11:15:49 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 21/10/2012 15:19:48 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 22/10/2012 16:00:56 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 22/10/2012 16:05:48 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 22/10/2012 16:46:25 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    Error - 22/10/2012 17:00:03 | Computer Name = Cosmos_II | Source = Windows Installer 3.1 | ID = 921877
    Description =

    Error - 22/10/2012 18:24:03 | Computer Name = Cosmos_II | Source = Application Error | ID = 1000
    Description = Faulting application name: bf3.exe, version: 1.4.0.0, time stamp:
    0x500530ad Faulting module name: bf3.exe, version: 1.4.0.0, time stamp: 0x500530ad
    Exception
    code: 0xc0000005 Fault offset: 0x0068eaa2 Faulting process id: 0x1c54 Faulting application
    start time: 0x01cdb0a3dd54b0c7 Faulting application path: C:\Program Files (x86)\Origin
    Games\Battlefield 3\bf3.exe Faulting module path: C:\Program Files (x86)\Origin
    Games\Battlefield 3\bf3.exe Report Id: 2e9ea376-1c97-11e2-b23f-f837cd30b55c

    Error - 23/10/2012 16:50:05 | Computer Name = Cosmos_II | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 21/10/2012 11:11:08 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/10/2012 11:11:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 22/10/2012 19:38:15 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 23/10/2012 16:49:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 23/10/2012 16:49:54 | Computer Name = Cosmos_II | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5


    < End of report >


  • Advertisement
  • #12
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    here ya go ,thanks very much:)
    just noticed it only scans last 30 days , Babylon has been there longer than that , does that matter ?


  • #13
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    na this will remove it


    open OTL copy and paste this in the custom scan/fixes box


    :OTL
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520&quot;
    CHR - homepage: http://search.babylon.com/?affID=113...0008863b485520
    CHR - homepage: http://search.babylon.com/?affID=113...0008863b485520

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix post the log it gives. Tell me how its running


  • #14
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    All processes killed
    ========== OTL ==========
    Prefs.js: "http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520&quot; removed from browser.startup.homepage
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to change the HomePage.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dave
    ->Temp folder emptied: 151919321 bytes
    ->Temporary Internet Files folder emptied: 237537924 bytes
    ->Java cache emptied: 2113620 bytes
    ->FireFox cache emptied: 67217038 bytes
    ->Google Chrome cache emptied: 13019762 bytes
    ->Flash cache emptied: 3584 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19706466 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
    RecycleBin emptied: 2663437004 bytes

    Total Files Cleaned = 3,043.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dave
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Dave
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dave\Downloads\cmd.bat deleted successfully.
    C:\Users\Dave\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 10252012_164356

    Files\Folders moved on Reboot...
    C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • #15
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    You Sir are clearly a LEGEND !!! :cool:

    ive been looking for ages for a way to remove this babalyon piece of crap and it is finally gone :D

    thanks so much !!:)


  • #16
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    ok i was wrong its back :(

    it seems to be the first thing my browser looks up when i start it up , im using Chrome BTW


  • #17
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you run that same fix in safe mode


  • #18
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    When I go into safe mode , OTL disappears off my program list ????


  • #19
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    where did you save OTL ? Is it not on your desktop still when you go into safe mode ?


  • #20
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    never mind found it :o

    did it in safe mode still no good , its still here :(

    here was the result from otl, which suggest it should be gone but its not :mad::(

    All processes killed
    ========== OTL ==========
    Prefs.js: "http://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520&quot; removed from browser.startup.homepage
    Use Chrome's Settings page to change the HomePage.
    Use Chrome's Settings page to change the HomePage.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dave
    ->Temp folder emptied: 4346877 bytes
    ->Temporary Internet Files folder emptied: 2844354 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 99368830 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59629 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 102.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dave
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Dave
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 1084
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Users\Dave\Desktop\cmd.bat deleted successfully.
    C:\Users\Dave\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 10282012_212858

    Files\Folders moved on Reboot...
    C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48814FF4-C446-4FC0-A57B-B7010CBB56CE}.tmp not found!
    File\Folder C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B5484E8A-9468-424D-9607-827699866691}.tmp not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • #21
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    download and run adwcleaner

    http://www.bleepingcomputer.com/download/adwcleaner/

    post the log from it


  • Advertisement
  • #22
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    # AdwCleaner v2.005 - Logfile created 10/28/2012 at 22:40:01
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Dave - COSMOS_II
    # Boot Mode : Normal
    # Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\Users\Dave\AppData\Local\APN
    Folder Found : C:\Users\Dave\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Dave\AppData\Local\Conduit
    Folder Found : C:\Users\Dave\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Dave\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Dave\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\Dave\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Dave\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\CT2504091
    Folder Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\Smartbar
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\Software\APN
    Key Found : HKLM\Software\AskToolbar
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKU\S-1-5-21-3049699982-200942821-3356349951-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-3049699982-200942821-3356349951-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (en-US)

    Profile name : default
    File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\prefs.js

    Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Found : user_pref("CT2504091.FirstTime", "true");
    Found : user_pref("CT2504091.FirstTimeFF3", "true");
    Found : user_pref("CT2504091.UserID", "UN76981680683463263");
    Found : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Found : user_pref("CT2504091.autoDisableScopes", -1);
    Found : user_pref("CT2504091.cbcountry_001", "IE");
    Found : user_pref("CT2504091.cbfirsttime", "Tue Oct 02 2012 00:14:35 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT2504091.defaultSearch", "false");
    Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
    Found : user_pref("CT2504091.enableAlerts", "false");
    Found : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Found : user_pref("CT2504091.firstTimeDialogOpened", "true");
    Found : user_pref("CT2504091.fixPageNotFoundError", "true");
    Found : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Found : user_pref("CT2504091.fixUrls", true);
    Found : user_pref("CT2504091.installId", "ConduitNSISIntegration");
    Found : user_pref("CT2504091.installType", "ConduitNSISIntegration");
    Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT2504091.isNewTabEnabled", true);
    Found : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Found : user_pref("CT2504091.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Found : user_pref("CT2504091.openThankYouPage", "false");
    Found : user_pref("CT2504091.openUninstallPage", "false");
    Found : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Found : user_pref("CT2504091.search.searchCount", "0");
    Found : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Found : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350770225969");
    Found : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1350770046173");
    Found : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350770169233");
    Found : user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350770046219");
    Found : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1349133274878");
    Found : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350770169563");
    Found : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1350770046241");
    Found : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1350770045964");
    Found : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350770166228");
    Found : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1350770046540");
    Found : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1350770046298");
    Found : user_pref("CT2504091.settingsINI", true);
    Found : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Found : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Found : user_pref("CT2504091.smartbar.Uninstall", "0");
    Found : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Found : user_pref("CT2504091.startPage", "false");
    Found : user_pref("CT2504091.toolbarBornServerTime", "2-10-2012");
    Found : user_pref("CT2504091.toolbarCurrentServerTime", "21-10-2012");
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&[...]

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Found [l.9] : homepage = "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520",
    Found [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520" ]
    Found [l.51] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Found [l.54] : keyword = "isearch.avg.com",
    Found [l.57] : search_url = "hxxps://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&mid=3fd9ba3f129d47d0914b4c45656382ae-f497effae0e67f5ef6e8a57f23ca56bb2c0ce819&lang=en&ds=AVG&pr=pr&d=2012-10-22 21:53:40&v=13.2.0.3&sap=dsp&q={searchTerms}",
    Found [l.1872] : homepage = "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520",
    Found [l.2116] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520" ]

    *************************

    AdwCleaner[R1].txt - [15144 octets] - [28/10/2012 22:40:01]

    ########## EOF - C:\AdwCleaner[R1].txt - [15205 octets] ##########


  • #23
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    # AdwCleaner v2.005 - Logfile created 10/28/2012 at 22:40:59
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Dave - COSMOS_II
    # Boot Mode : Normal
    # Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Dave\AppData\Local\APN
    Folder Deleted : C:\Users\Dave\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Dave\AppData\Local\Conduit
    Folder Deleted : C:\Users\Dave\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Dave\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Dave\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Dave\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\CT2504091
    Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\Smartbar
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (en-US)

    Profile name : default
    File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ch0h2ygo.default\prefs.js

    Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2504091.FirstTime", "true");
    Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
    Deleted : user_pref("CT2504091.UserID", "UN76981680683463263");
    Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.autoDisableScopes", -1);
    Deleted : user_pref("CT2504091.cbcountry_001", "IE");
    Deleted : user_pref("CT2504091.cbfirsttime", "Tue Oct 02 2012 00:14:35 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT2504091.defaultSearch", "false");
    Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2504091.enableAlerts", "false");
    Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2504091.fixUrls", true);
    Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.isNewTabEnabled", true);
    Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT2504091.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.openThankYouPage", "false");
    Deleted : user_pref("CT2504091.openUninstallPage", "false");
    Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Deleted : user_pref("CT2504091.search.searchCount", "0");
    Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350770225969");
    Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1350770046173");
    Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350770169233");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350770046219");
    Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1349133274878");
    Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350770169563");
    Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1350770046241");
    Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1350770045964");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350770166228");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1350770046540");
    Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1350770046298");
    Deleted : user_pref("CT2504091.settingsINI", true);
    Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Deleted : user_pref("CT2504091.startPage", "false");
    Deleted : user_pref("CT2504091.toolbarBornServerTime", "2-10-2012");
    Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "21-10-2012");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&[...]

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.9] : homepage = "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520",
    Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520" ]
    Deleted [l.51] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Deleted [l.54] : keyword = "isearch.avg.com",
    Deleted [l.57] : search_url = "hxxps://isearch.avg.com/search?cid={4760DF9E-EDF4-42D0-BE79-62B78A09F8B6}&mid=3fd9ba3f129d47d0914b4c45656382ae-f497effae0e67f5ef6e8a57f23ca56bb2c0ce819&lang=en&ds=AVG&pr=pr&d=2012-10-22 21:53:40&v=13.2.0.3&sap=dsp&q={searchTerms}",
    Deleted [l.1872] : homepage = "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520",
    Deleted [l.2116] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_8_&babsrc=HP_ss&mntrId=586e2c9300000000000008863b485520" ]

    *************************

    AdwCleaner[R1].txt - [15251 octets] - [28/10/2012 22:40:01]
    AdwCleaner[S1].txt - [15235 octets] - [28/10/2012 22:40:59]

    ########## EOF - C:\AdwCleaner[S1].txt - [15296 octets] ##########


  • #24
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    hows it running


  • #25
    SpannerMonkey
    Registered Users, Registered Users 2 Posts: 2,106 ✭✭✭SpannerMonkey


    cool that seems to have worked :D

    thanks A LOT :cool: was driving me mental


  • #26
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    good stuff, seems AVG may have been stopping us from removing it. Open OTL click the Cleanup button and it will remove itself and adwcleaner


  • #27
    Rochester
    Registered Users, Registered Users 2 Posts: 478 ✭✭Rochester


    I have the same problem, could I do the same please?


  • #28
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    ya give the adwcleaner a shot and post its log here. No need to do the OTL step.


  • #29
    smithy1981
    Registered Users, Registered Users 2 Posts: 515 ✭✭✭smithy1981


    Hi, im having serious problems with babylon too and god knows what else, i borrowed an old laptop from a friend and its driving me loopy. Didnt know if i should start a new thread or not??


  • #30
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    run adwcleaner that I linked to above, that fix it for you ?


  • Advertisement
  • #31
    smithy1981
    Registered Users, Registered Users 2 Posts: 515 ✭✭✭smithy1981


    ASJ112 wrote: »
    run adwcleaner that I linked to above, that fix it for you ?

    It did indeed, it got rid of a few more undesirables too. Cheers mate:D


Advertisement