LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: johnson55 on September 14, 2013, 09:27:23 PM

Title: I get too many PUP or adware when running Spybot & Malwarebytes
Post by: johnson55 on September 14, 2013, 09:27:23 PM
Corrine,
Sorry to hear your husband is in the hospital; I hope you get him home soon.
I have run the adware cleaner & junkware removal tool.
Now I'm sending the DDS & Attach and also the checkup txt.
When you get time, let me know how I'm doing. Thanks again.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by jacobi678 at 16:00:18 on 2013-09-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2617 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\privoxy\privoxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\splwow64.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:8118
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\jacobi678\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\jacobi678\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid c4638bf7b73347d09be5e929317a2ef6-34a959d0fab53c99075cc29f68153f3b22f046a7 --CMPID 0913a
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AACA648C-CA36-4BFF-9259-744A8F274ACC} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\jacobi678\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-17 23:00; ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org; C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
FF - ExtSQL: 2013-08-29 23:12; firefox@saltarsmart.biz; C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firefox@saltarsmart.biz.xpi
FF - ExtSQL: 2013-09-01 15:50; jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org; C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
FF - ExtSQL: 2013-09-06 14:27; {8029165D-F802-4D34-A406-82A01980A9F9}; C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{8029165D-F802-4D34-A406-82A01980A9F9}
FF - ExtSQL: !HIDDEN! 2012-04-08 14:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-2 45856]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-9 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-9 158976]
S3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-10 1128952]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-9-10 31152]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-13 19456]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S3 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-15 1153368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-13 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-14 1255736]
S4 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-10 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-10 18:56:59   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-09-07 16:25:54   --------   d-----w-   C:\AdwCleaner
2013-09-06 19:32:44   --------   d-----w-   C:\Program Files (x86)\Flash Player Pro
2013-09-06 19:28:12   --------   d-----w-   C:\Program Files (x86)\privoxy
2013-09-06 19:27:30   --------   d-----w-   C:\Program Files (x86)\Web Protect
2013-09-06 19:10:18   --------   d-----w-   C:\Users\jacobi678\AppData\Roaming\iPumper
2013-09-05 06:43:42   45880   ----a-w-   C:\Windows\System32\drivers\avgrkx64.sys
2013-09-01 21:06:09   --------   d-----w-   C:\Program Files\Uninstaller
2013-08-18 19:14:42   --------   d-----w-   C:\Users\jacobi678\AppData\Local\SySaver
.
==================== Find3M  ====================
.
2013-09-14 04:16:24   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 04:16:24   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-14 22:31:03   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-08-10 05:22:18   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-08-10 05:20:59   3959296   ----a-w-   C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09   2876928   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43   3155456   ----a-w-   C:\Windows\System32\win32k.sys
2013-08-05 02:25:45   155584   ----a-w-   C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44   1732032   ----a-w-   C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03   243712   ----a-w-   C:\Windows\System32\wow64.dll
2013-08-02 02:15:03   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30   3968960   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30   3913664   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23   1292192   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17   338432   ----a-w-   C:\Windows\System32\conhost.exe
2013-08-02 00:59:09   112640   ----a-w-   C:\Windows\System32\smss.exe
2013-08-02 00:45:37   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:34   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54   1888768   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51:00   311608   ----a-w-   C:\Windows\System32\drivers\avgloga.sys
2013-07-20 06:50:56   71480   ----a-w-   C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 06:50:56   246072   ----a-w-   C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 06:50:50   206648   ----a-w-   C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-07-19 01:41:01   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52   224256   ----a-w-   C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16   1217024   ----a-w-   C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20   1472512   ----a-w-   C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20   139776   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33   663552   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10   175104   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31   1166848   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53   1910208   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-07-01 06:45:28   116536   ----a-w-   C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 16:00:36.94 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2012 4:25:24 Eystad
System Uptime: 9/14/2013 9:29:53 Norman (7 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AC2
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 873.793 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.43 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP241: 8/18/2013 10:18:09 Eystad - Windows Backup
RP242: 8/20/2013 3:38:37 Eystad - Removed QuickTime
RP243: 8/25/2013 10:23:53 Eystad - Windows Backup
RP244: 9/1/2013 3:46:18 Eystad - Removed QuickTime
RP245: 9/2/2013 10:15:55 Norman - Windows Backup
RP246: 9/8/2013 10:26:28 Eystad - Windows Backup
RP247: 9/10/2013 1:55:47 Eystad - Windows Update
.
==== Installed Programs ======================
.
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ARO 2012
Audacity 2.0.3
AuthenTec TrueAPI
AVG 2013
Belarc Advisor 8.2
BufferChm
CCleaner
D3DX10
Define Ext
Destinations
DeviceDiscovery
DMUninstaller
DocMgr
DocProc
DRIVERfighter
ESET Online Scanner v3
Fax
File Opener Pro
Flash Player Pro V5.4
Free Download Manager 3.9.2
GC
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP MovieStore
HP Odometer
HP Officejet 4500 G510g-m
HP Product Detection
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPProductAssistant
HPSSupply
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
iPumper Installer
JetMP3
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NaturalReaderFree
Network64
OCR Software by I.R.I.S. 13.0
PDF Complete Special Edition
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Queensberry Fight Network
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
RoxioNow Player
SaltarSmart 3.0.0
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shop for HP Supplies
Should I Remove It
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 5.0
Status
SySaver
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VIP Access SDK (1.0.1.4)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Web Protect for Windows
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
9/12/2013 12:42:31 Eystad, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/12/2013 12:42:31 Eystad, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
9/12/2013 12:42:14 Eystad, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
9/12/2013 12:42:05 Eystad, Error: Service Control Manager [7000]  - The vToolbarUpdater15.5.0 service failed to start due to the following error:  The system cannot find the file specified.
9/10/2013 10:23:54 Norman, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.73 
Windows 7 Service Pack 1 x64 (UAC is disabled!) 
Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2013   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File 
SpywareBlaster 5.0   
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300 
Adobe Flash Player 11.8.800.168 
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62 
Google Chrome 29.0.1547.66 
Google Chrome Plugins... 
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
AVG avgwdsvc.exe
BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
Title: Re: I get too many PUP or adware when running Spybot & Malwarebytes
Post by: Corrine on September 14, 2013, 10:30:17 PM
Hi, Johnson55.

1.  First, please uninstall the programs listed below.  The McAfee Security Scan Plus likely came as a prechecked option with an Adobe update and is unnecessary.  The other two are adware, generally installed without notice or bundled with other programs.

McAfee Security Scan Plus
SaltarSmart 3.0.0
SySaver

2.  Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Title: Re: I get too many PUP or adware when running Spybot & Malwarebytes
Post by: johnson55 on September 15, 2013, 07:25:19 PM
Corrine, here is my ComboFix log, and thanks for your time.

ComboFix 13-09-14.01 - jacobi678 09/15/2013  13:54:40.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2530 [GMT -5:00]
Running from: c:\users\jacobi678\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1368651034.30476.bin
c:\programdata\1368651034.32276.bin
c:\programdata\1368651034.5076.bin
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\C&J Energy Services Inc. - Investor Relations.website
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\Ferrellgas, Your Propane Gas Company - Contact Us, Local Propane Service For Home, Business & Farm, Ferrellgas.website
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\HTML Tables.URL
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\HTML Tutorial.website
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\Photobucket (2).website
c:\users\jacobi678\AppData\Roaming\Microsoft\Windows\Recent\Photobucket.website
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-15 to 2013-09-15  )))))))))))))))))))))))))))))))
.
.
2013-09-15 18:58 . 2013-09-15 18:58   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-09-15 18:58 . 2013-09-15 18:58   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-10 18:56 . 2013-08-02 02:15   1732032   ----a-w-   c:\windows\system32\ntdll.dll
2013-09-07 16:25 . 2013-09-07 16:29   --------   d-----w-   C:\AdwCleaner
2013-09-06 19:32 . 2013-09-06 19:32   --------   d-----w-   c:\program files (x86)\Flash Player Pro
2013-09-06 19:28 . 2013-09-06 19:28   --------   d-----w-   c:\program files (x86)\privoxy
2013-09-06 19:27 . 2013-09-12 17:39   --------   d-----w-   c:\program files (x86)\Web Protect
2013-09-06 19:10 . 2013-09-06 19:13   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\iPumper
2013-09-05 06:43 . 2013-09-05 06:43   45880   ----a-w-   c:\windows\system32\drivers\avgrkx64.sys
2013-09-01 21:06 . 2013-09-01 21:06   --------   d-----w-   c:\program files\Uninstaller
2013-08-18 19:14 . 2013-09-15 05:25   --------   d-----w-   c:\users\jacobi678\AppData\Local\SySaver
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 04:16 . 2012-04-03 14:19   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 04:16 . 2011-09-10 05:12   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 18:57 . 2012-02-17 02:02   79143768   ----a-w-   c:\windows\system32\MRT.exe
2013-08-14 22:31 . 2012-10-02 18:39   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-08-02 01:48 . 2013-09-10 18:56   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 04:59   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 04:59   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51   311608   ----a-w-   c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50   71480   ----a-w-   c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50   246072   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50   206648   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
2013-07-19 01:58 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 05:00   224256   ----a-w-   c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 04:59   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 05:00   1472512   ----a-w-   c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 05:00   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 05:00   139776   ----a-w-   c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 04:59   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 05:00   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 05:00   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 05:00   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 05:00   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 04:59   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-07-01 06:45 . 2013-07-01 06:45   116536   ----a-w-   c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 17:41 . 2012-12-14 17:44   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-27 17:41 . 2012-08-31 16:28   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-27 17:30 . 2012-08-31 16:27   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 15, 2013, 08:23:11 PM
Well done, johnson55.  Let's clean up the remainders from SaltarSmart and SySaver.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Folder::
c:\users\jacobi678\AppData\Local\SySaver

Firefox::
FF - ProfilePath - c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\
FF - ExtSQL: 2013-08-29 23:12; firefox@saltarsmart.biz; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firefox@saltarsmart.biz.xpi
FF - ExtSQL: 2013-09-01 15:50; jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
FF - ExtSQL: 2013-09-06 14:27; {8029165D-F802-4D34-A406-82A01980A9F9}; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{8029165D-F802-4D34-A406-82A01980A9F9}

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 15, 2013, 10:06:40 PM
I changed the combofix log to cfscript on desktop.
But I can't find combofix.exe. Maybe I just ran it and didn't save it.
Not sure what to do now.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 16, 2013, 12:18:58 AM
Hi, Johnson55.  Be sure that you named the file saved to Notepad as CFScript.txt.  You put ComboFix in the downloads folder, not on your desktop.  It would be easier for cleanup if you move it to your desktop from c:\users\jacobi678\Downloads\ComboFix.exe.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 16, 2013, 02:46:16 PM
Here is the scripttxt & combofix log

ComboFix 13-09-14.01 - jacobi678 09/15/2013  22:42:35.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2583 [GMT -5:00]
Running from: c:\users\jacobi678\Desktop\ComboFix.exe
Command switches used :: c:\users\jacobi678\Desktop\CFScript.txt.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jacobi678\AppData\Local\SySaver
c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firefox@saltarsmart.biz.xpi
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))
.
.
2013-09-16 03:53 . 2013-09-16 03:53   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-09-16 03:53 . 2013-09-16 03:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-10 18:56 . 2013-08-02 02:15   1732032   ----a-w-   c:\windows\system32\ntdll.dll
2013-09-07 16:25 . 2013-09-07 16:29   --------   d-----w-   C:\AdwCleaner
2013-09-06 19:32 . 2013-09-06 19:32   --------   d-----w-   c:\program files (x86)\Flash Player Pro
2013-09-06 19:28 . 2013-09-06 19:28   --------   d-----w-   c:\program files (x86)\privoxy
2013-09-06 19:27 . 2013-09-12 17:39   --------   d-----w-   c:\program files (x86)\Web Protect
2013-09-06 19:10 . 2013-09-06 19:13   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\iPumper
2013-09-05 06:43 . 2013-09-05 06:43   45880   ----a-w-   c:\windows\system32\drivers\avgrkx64.sys
2013-09-01 21:06 . 2013-09-01 21:06   --------   d-----w-   c:\program files\Uninstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 04:16 . 2012-04-03 14:19   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 04:16 . 2011-09-10 05:12   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 18:57 . 2012-02-17 02:02   79143768   ----a-w-   c:\windows\system32\MRT.exe
2013-08-14 22:31 . 2012-10-02 18:39   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-08-02 01:48 . 2013-09-10 18:56   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 04:59   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 04:59   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51   311608   ----a-w-   c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50   71480   ----a-w-   c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50   246072   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50   206648   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
2013-07-19 01:58 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 05:00   224256   ----a-w-   c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 04:59   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 05:00   1472512   ----a-w-   c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 05:00   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 05:00   139776   ----a-w-   c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 04:59   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 05:00   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 05:00   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 05:00   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 05:00   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 04:59   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-07-01 06:45 . 2013-07-01 06:45   116536   ----a-w-   c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 17:41 . 2012-12-14 17:44   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-27 17:41 . 2012-08-31 16:28   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-27 17:30 . 2012-08-31 16:27   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 17, 2013, 01:12:51 AM
Hi, Johnson55.

Although ComboFix cleaned up some leftovers, the script I intended didn't run because the name is incorrect as CFScript.txt.txt.  Please right-click CFScript.txt.txt and select Rename.  Change the name to CFScript.txt.  Drag CFScript.txt into ComboFix.exe.

See the instructions above (http://www.landzdown.com/analysis-and-malware-removal/i-get-to-many-pup-or-adware-when-running-spybot-malware-byts/msg162920/#msg162920) as a refresher.
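
Added example, not part of Corrine's post and not ComboFix's own code: a small Python check that reads a ComboFix log header and its "Other Deletions" section, then lists which CFScript targets are still outstanding. The function names are hypothetical, only the Folder:: and Firefox:: ExtSQL entries used in this thread are parsed, and the sample text is copied from the posts above.

```python
import ntpath
import re

# Copied from the thread: the CFScript posted on September 15, 2013.
CFSCRIPT = r"""
Folder::
c:\users\jacobi678\AppData\Local\SySaver

Firefox::
FF - ProfilePath - c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\
FF - ExtSQL: 2013-08-29 23:12; firefox@saltarsmart.biz; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firefox@saltarsmart.biz.xpi
FF - ExtSQL: 2013-09-01 15:50; jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
FF - ExtSQL: 2013-09-06 14:27; {8029165D-F802-4D34-A406-82A01980A9F9}; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{8029165D-F802-4D34-A406-82A01980A9F9}
"""

# Copied from the thread: excerpt of the log posted on September 16, 2013.
LOG = r"""
ComboFix 13-09-14.01 - jacobi678 09/15/2013  22:42:35.5.4 - x64
Running from: c:\users\jacobi678\Desktop\ComboFix.exe
Command switches used :: c:\users\jacobi678\Desktop\CFScript.txt.txt
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\jacobi678\AppData\Local\SySaver
c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firefox@saltarsmart.biz.xpi
.
(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))
.
2013-09-07 16:25 . 2013-09-07 16:29   --------   d-----w-   C:\AdwCleaner
"""

# Section banners look like "((((   Other Deletions   ))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return the file-system paths the script asks ComboFix to remove."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "folder":
            targets.append(line)
        elif section == "firefox" and line.startswith("FF - ExtSQL:"):
            # Layout: "FF - ExtSQL: <date>; <extension id>; <path>"
            targets.append(line.split(";", 2)[2].strip())
    return targets


def parse_log(text):
    """Extract the header fields and the 'Other Deletions' paths from a log."""
    info = {"running_from": None, "script": None, "deleted": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1)
        elif line.startswith("Running from:"):
            info["running_from"] = line.split(":", 1)[1].strip()
        elif line.startswith("Command switches used ::"):
            info["script"] = line.split("::", 1)[1].strip()
        elif section == "Other Deletions" and line not in ("", "."):
            info["deleted"].append(line)
    return info


def review(script_text, log_text):
    """Return (findings about how ComboFix was run, script targets not deleted)."""
    log = parse_log(log_text)
    findings = []
    if log["script"] is None:
        findings.append("no CFScript was passed to ComboFix")
    else:
        name = ntpath.basename(log["script"])
        if name.lower() != "cfscript.txt":
            findings.append(f"script is named {name}, not CFScript.txt")
    folder = ntpath.basename(ntpath.dirname(log["running_from"] or ""))
    if folder.lower() != "desktop":
        findings.append(f"ComboFix ran from {folder or 'an unknown folder'}, not Desktop")
    # Windows paths are case-insensitive, so compare lower-cased.
    deleted = {path.lower() for path in log["deleted"]}
    remaining = [t for t in parse_cfscript(script_text) if t.lower() not in deleted]
    return findings, remaining


if __name__ == "__main__":
    findings, remaining = review(CFSCRIPT, LOG)
    for finding in findings:
        print("finding:", finding)
    for path in remaining:
        print("not deleted:", path)
```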
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 17, 2013, 04:22:35 PM
Corrine,
I dragged the scripttxt into the combofix; it didn't have the exe on it.
After that I couldn't get connected to the landzdown site. My browser
won't take me anywhere. I'm using another computer to do this.
I get a 316 port issue. The proxy server is refusing connections.
Could you give me some directions how to deal with this?
Thanks again for your time. I have this log ready to send if I could
get connected, but I suppose I need to send the log from the computer
I was in trouble with.
Title: My to much spyware adding to my other problem
Post by: johnson55 on September 17, 2013, 07:30:25 PM
Corrine,
I finally got connected again to landzdown [Proxy server wouldn't respond]. Not sure what was wrong.
Here is the last log I couldn't send before.

ComboFix 13-09-14.01 - jacobi678 09/16/2013  23:19:22.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2513 [GMT -5:00]
Running from: c:\users\jacobi678\Desktop\ComboFix.exe
Command switches used :: c:\users\jacobi678\Desktop\CFScript.txt.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 04:22 . 2013-09-17 04:22   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-09-17 04:22 . 2013-09-17 04:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-10 18:56 . 2013-08-02 02:15   1732032   ----a-w-   c:\windows\system32\ntdll.dll
2013-09-07 16:25 . 2013-09-07 16:29   --------   d-----w-   C:\AdwCleaner
2013-09-06 19:32 . 2013-09-06 19:32   --------   d-----w-   c:\program files (x86)\Flash Player Pro
2013-09-06 19:28 . 2013-09-06 19:28   --------   d-----w-   c:\program files (x86)\privoxy
2013-09-06 19:27 . 2013-09-12 17:39   --------   d-----w-   c:\program files (x86)\Web Protect
2013-09-06 19:10 . 2013-09-06 19:13   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\iPumper
2013-09-05 06:43 . 2013-09-05 06:43   45880   ----a-w-   c:\windows\system32\drivers\avgrkx64.sys
2013-09-01 21:06 . 2013-09-01 21:06   --------   d-----w-   c:\program files\Uninstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 04:16 . 2012-04-03 14:19   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 04:16 . 2011-09-10 05:12   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 18:57 . 2012-02-17 02:02   79143768   ----a-w-   c:\windows\system32\MRT.exe
2013-08-14 22:31 . 2012-10-02 18:39   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-08-02 01:48 . 2013-09-10 18:56   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 04:59   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 04:59   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51   311608   ----a-w-   c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50   71480   ----a-w-   c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50   246072   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50   206648   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
2013-07-19 01:58 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 05:00   224256   ----a-w-   c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 04:59   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 05:00   1472512   ----a-w-   c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 05:00   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 05:00   139776   ----a-w-   c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 04:59   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 05:00   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 05:00   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 05:00   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 05:00   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 04:59   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-07-01 06:45 . 2013-07-01 06:45   116536   ----a-w-   c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 17:41 . 2012-12-14 17:44   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-27 17:41 . 2012-08-31 16:28   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-27 17:30 . 2012-08-31 16:27   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 18, 2013, 02:02:29 AM
Hi, Johnson55.

Once again, my apology as I was out all day.  The good news is that my husband is home from the hospital, although I have no doubt he'll be keeping me busy during his recovery.  :)

Regarding the ComboFix log, you are still running it with a "double" file extension:  c:\users\jacobi678\Desktop\CFScript.txt.txt.  Did you try renaming it to remove the extra .txt as I indicated above?

Perhaps it would work by manually removing those files.  Launch Firefox and go to Add-ons and see if the following are visible for removal:

FF - ExtSQL: 2013-09-01 15:50; jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
FF - ExtSQL: 2013-09-06 14:27; {8029165D-F802-4D34-A406-82A01980A9F9}; c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{8029165D-F802-4D34-A406-82A01980A9F9}

In addition, manually navigate to c:\users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ and delete the following:

jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
{8029165D-F802-4D34-A406-82A01980A9F9}


Please let me know if you are able to remove them.

Thank you.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 18, 2013, 04:27:04 PM
Corrine,
I'm glad you got your husband home, hope everything turns around for you both.
When I put scripttxt into combofix, after getting the log a dialog comes up
whether I want to change my home page. I click no. Then the computer won't
let me go to landzdown, it says the proxy server won't respond. My browser
won't work, nothing will work. I then need to reprogram my modem & router.
I do that a couple times and then the computer starts to work again.
Do you have some input on that?
I know it sounds a little crazy. I'm sending the log, it should be ok now.
Manually didn't seem to work for me.

ComboFix 13-09-17.01 - jacobi678 09/17/2013  23:42:37.7.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2784 [GMT -5:00]
Running from: c:\users\jacobi678\Desktop\ComboFix.exe
Command switches used :: c:\users\jacobi678\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-18 04:45 . 2013-09-18 04:45   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-09-18 04:45 . 2013-09-18 04:45   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-10 18:56 . 2013-08-02 02:15   1732032   ----a-w-   c:\windows\system32\ntdll.dll
2013-09-07 16:25 . 2013-09-07 16:29   --------   d-----w-   C:\AdwCleaner
2013-09-06 19:32 . 2013-09-06 19:32   --------   d-----w-   c:\program files (x86)\Flash Player Pro
2013-09-06 19:28 . 2013-09-06 19:28   --------   d-----w-   c:\program files (x86)\privoxy
2013-09-06 19:27 . 2013-09-12 17:39   --------   d-----w-   c:\program files (x86)\Web Protect
2013-09-06 19:10 . 2013-09-06 19:13   --------   d-----w-   c:\users\jacobi678\AppData\Roaming\iPumper
2013-09-05 06:43 . 2013-09-05 06:43   45880   ----a-w-   c:\windows\system32\drivers\avgrkx64.sys
2013-09-01 21:06 . 2013-09-01 21:06   --------   d-----w-   c:\program files\Uninstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 04:16 . 2012-04-03 14:19   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 04:16 . 2011-09-10 05:12   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 18:57 . 2012-02-17 02:02   79143768   ----a-w-   c:\windows\system32\MRT.exe
2013-08-14 22:31 . 2012-10-02 18:39   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-08-02 01:48 . 2013-09-10 18:56   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 04:59   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 04:59   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51   311608   ----a-w-   c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50   71480   ----a-w-   c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50   246072   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50   206648   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
2013-07-19 01:58 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 04:59   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 05:00   224256   ----a-w-   c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 04:59   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 05:00   1472512   ----a-w-   c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 05:00   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 05:00   139776   ----a-w-   c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 04:59   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 05:00   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 05:00   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 05:00   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 05:00   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 04:59   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-07-01 06:45 . 2013-07-01 06:45   116536   ----a-w-   c:\windows\system32\drivers\avgmfx64.sys
2013-06-27 17:41 . 2012-12-14 17:44   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-27 17:41 . 2012-08-31 16:28   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-27 17:30 . 2012-08-31 16:27   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Privoxy"="c:\program files (x86)\privoxy\starthelp.exe" [2013-08-26 51115]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean64.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 19, 2013, 12:27:30 AM
Hi, Johnson55.

I spent a fair amount of time trying to find some reference to ComboFix deleting the settings for a proxy server and haven't found anything. 

I'd like you to scan with both AdwCleaner and the Junkware Removal Tool again and then post a fresh DDS log for me, please. 

Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 19, 2013, 11:45:01 PM
Corrine, my computer is really acting funny.
I couldn't get adwarecleaner to work. I finally got jrt to work.
Here is the file for it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by jacobi678 on Thu 09/19/2013 at 18:35:49.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jacobi678\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"



~~~ FireFox

Successfully deleted: [File] C:\Users\jacobi678\AppData\Roaming\mozilla\firefox\profiles\azgatbp3.default\user.js
Successfully deleted: [File] C:\Users\jacobi678\AppData\Roaming\mozilla\firefox\profiles\azgatbp3.default\extensions\addon@defaulttab.com.xpi



~~~ Chrome

Successfully deleted: [Folder] C:\Users\jacobi678\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/19/2013 at 18:39:22.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 20, 2013, 01:22:03 AM
How is it acting funny?

Maybe OTL will provide more information.  Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer.  Save it to your Desktop.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 20, 2013, 04:01:30 AM
Corrine,
I get this dialog all the time before OTL finally downloads.
Free downloads mgr is not properly installed
Please reinstall free download mgr or reboot.error 0x8008005
It does finally download. Computer freezes up for a while.

OTL logfile created on: 9/19/2013 10:43:26 Eystad - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jacobi678\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 74.62% Memory free
7.82 Gb Paging File | 6.12 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.74 Gb Total Space | 875.38 Gb Free Space | 95.18% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: NEWBUILD2 | User Name: jacobi678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 22:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jacobi678\Downloads\OTL.exe
PRC - [2013/08/16 11:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 11:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
MOD - [2013/06/15 23:23:54 | 000,105,501 | ---- | M] () -- C:\Program Files (x86)\privoxy\cyggcc_s-1.dll
MOD - [2013/05/09 16:21:56 | 000,074,269 | ---- | M] () -- C:\Program Files (x86)\privoxy\cygz.dll
MOD - [2013/01/11 03:17:32 | 000,105,984 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/09/13 23:16:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/24 15:09:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/14 17:31:03 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/10 00:17:28 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/09/09 23:56:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/09 23:56:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 05:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/27 12:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzy0E0CyBtDyDtByCyBtCtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131799736
IE:64bit: - HKLM\..\SearchScopes\{AAED0B0E-16F4-4BEB-B27E-C963F5C20E4E}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{64FD455F-7F77-7952-06EB-7F0374E53D18}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS471
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jacobi678\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jacobi678\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/30 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 14:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 14:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/24 15:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/30 15:56:56 | 000,000,000 | ---D | M]

[2012/02/23 15:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Extensions
[2013/09/19 18:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions
[2013/09/19 17:56:53 | 000,000,000 | ---D | M] (SySaver) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
[2013/09/17 11:06:02 | 002,196,860 | ---- | M] () (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firebug@software.joehewitt.com.xpi
[2012/11/14 15:00:41 | 000,011,658 | ---- | M] () (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi
[2013/09/17 23:21:09 | 000,001,590 | ---- | M] () -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\searchplugins\ixquick-https.xml
[2013/09/19 17:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/19 17:56:52 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
[2013/09/01 15:50:08 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org
[2013/08/24 15:09:25 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013/08/24 15:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/26 17:47:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
CHR - Extension: No name found = C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\

O1 HOSTS File: ([2013/09/15 22:53:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1866074403-788936854-74266964-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AACA648C-CA36-4BFF-9259-744A8F274ACC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
[2013/09/19 17:56:52 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Local\SySaver
[2013/09/17 23:47:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/17 23:46:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/17 10:27:26 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Desktop\florence
[2013/09/15 22:41:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/15 22:36:32 | 005,128,653 | R--- | C] (Swearware) -- C:\Users\jacobi678\Desktop\ComboFix.exe
[2013/09/15 13:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/15 13:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/15 13:52:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/12 10:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 13:59:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/10 13:59:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/10 13:59:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/10 13:59:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/10 13:59:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/10 13:59:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/10 13:59:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/10 13:59:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/10 13:59:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/10 13:59:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/10 13:59:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/10 13:59:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/10 13:59:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/10 13:59:05 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/10 13:59:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/10 13:57:23 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/10 13:57:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/10 13:57:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/10 13:57:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/10 13:57:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/10 13:57:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/10 13:57:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 13:57:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 13:57:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 13:57:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 13:57:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 13:57:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 13:57:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/10 13:56:59 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/10 13:56:59 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/10 13:56:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/10 13:56:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/10 13:56:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/10 13:56:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/10 13:56:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/10 13:56:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/10 13:56:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/10 13:56:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/10 13:56:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/10 13:56:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/10 13:56:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 13:56:58 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/10 13:56:58 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/10 13:56:58 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/10 13:56:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/07 11:25:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/06 14:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/09/06 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Documents\Flash Player Pro
[2013/09/06 14:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/09/06 14:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/09/06 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/09/06 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
[2013/09/06 14:10:18 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\iPumper
[2013/09/05 01:43:42 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/01 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/01 15:50:18 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/08/31 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Documents\NaturalSoft
[2013/08/24 15:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/09/19 22:32:44 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1866074403-788936854-74266964-1000UA.job
[2013/09/19 22:32:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 22:32:43 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 22:32:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/19 18:40:27 | 000,000,519 | ---- | M] () -- C:\Users\jacobi678\Desktop\Analysis and Malware Removal.website
[2013/09/19 18:19:18 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 18:19:18 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 18:16:45 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/19 18:16:45 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 18:16:45 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/19 18:12:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/19 18:11:49 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 17:57:50 | 000,000,258 | RHS- | M] () -- C:\Users\jacobi678\ntuser.pol
[2013/09/19 17:26:38 | 000,000,557 | ---- | M] () -- C:\Users\jacobi678\Desktop\WILDBLUE  Login to your Google start page.website
[2013/09/18 23:51:06 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1866074403-788936854-74266964-1000Core.job
[2013/09/17 23:41:24 | 005,128,653 | R--- | M] (Swearware) -- C:\Users\jacobi678\Desktop\ComboFix.exe
[2013/09/17 10:02:32 | 000,000,548 | ---- | M] () -- C:\Users\jacobi678\Documents\Computer Problems, Questions and Solutions!.website
[2013/09/16 13:23:04 | 000,000,501 | ---- | M] () -- C:\Users\jacobi678\Desktop\belarus tractors for sale_mn. - Google Search.website
[2013/09/16 12:51:25 | 000,000,679 | ---- | M] () -- C:\Users\jacobi678\Desktop\Wanted 250 Belarus Parts wanted - Ottawa Farming Equipment For Sale - Kijiji Ottawa Canada..website
[2013/09/15 22:53:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/13 23:16:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 23:16:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/12 12:59:02 | 000,001,175 | ---- | M] () -- C:\Users\jacobi678\Desktop\sept 12.lnk
[2013/09/12 12:59:02 | 000,001,175 | ---- | M] () -- C:\Users\jacobi678\Documents\New folder.lnk
[2013/09/12 10:56:37 | 000,000,422 | ---- | M] () -- C:\Users\jacobi678\Desktop\9-14Misc (2).website
[2013/09/10 14:03:03 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/08 11:38:57 | 000,001,050 | ---- | M] () -- C:\Users\jacobi678\Documents\JRT - Shortcut.lnk
[2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/02 10:06:08 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjacobi678.job

========== Files Created - No Company Name ==========

[2013/09/17 10:28:43 | 000,000,548 | ---- | C] () -- C:\Users\jacobi678\Documents\Computer Problems, Questions and Solutions!.website
[2013/09/16 16:07:39 | 000,000,519 | ---- | C] () -- C:\Users\jacobi678\Desktop\Analysis and Malware Removal.website
[2013/09/15 13:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/15 13:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/15 13:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/15 13:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/15 13:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/12 17:04:33 | 000,000,679 | ---- | C] () -- C:\Users\jacobi678\Desktop\Wanted 250 Belarus Parts wanted - Ottawa Farming Equipment For Sale - Kijiji Ottawa Canada..website
[2013/09/12 16:55:37 | 000,000,501 | ---- | C] () -- C:\Users\jacobi678\Desktop\belarus tractors for sale_mn. - Google Search.website
[2013/09/12 12:59:20 | 000,001,175 | ---- | C] () -- C:\Users\jacobi678\Documents\New folder.lnk
[2013/09/12 12:56:54 | 000,001,175 | ---- | C] () -- C:\Users\jacobi678\Desktop\sept 12.lnk
[2013/09/12 10:56:37 | 000,000,422 | ---- | C] () -- C:\Users\jacobi678\Desktop\9-14Misc (2).website
[2013/09/08 11:56:15 | 000,001,050 | ---- | C] () -- C:\Users\jacobi678\Documents\JRT - Shortcut.lnk
[2013/08/26 17:47:15 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/26 10:30:34 | 000,003,715 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/06/16 15:13:13 | 000,000,258 | RHS- | C] () -- C:\Users\jacobi678\ntuser.pol
[2013/04/17 23:11:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/08 15:29:06 | 000,000,600 | ---- | C] () -- C:\Users\jacobi678\PUTTY.RND
[2012/04/08 15:07:33 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012/04/08 14:08:05 | 000,205,098 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/03/18 22:11:24 | 000,007,651 | ---- | C] () -- C:\Users\jacobi678\AppData\Local\resmon.resmoncfg
[2011/09/10 00:18:21 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_1msfindstuff277078719
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_0msmyhome717218745
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msstats-14252495
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msorganizer-1406118515
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msfollowing-678491532
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msallalbums1017703031

< End of report >



OTL Extras logfile created on: 9/19/2013 10:43:26 Eystad - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jacobi678\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 74.62% Memory free
7.82 Gb Paging File | 6.12 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.74 Gb Total Space | 875.38 Gb Free Space | 95.18% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: NEWBUILD2 | User Name: jacobi678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parame

Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 20, 2013, 04:20:43 AM
Maybe the extra log didn't paste.
Here it is again.

OTL Extras logfile created on: 9/19/2013 10:43:26 Eystad - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jacobi678\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 74.62% Memory free
7.82 Gb Paging File | 6.12 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.74 Gb Total Space | 875.38 Gb Free Space | 95.18% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: NEWBUILD2 | User Name: jacobi678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0962DDF7-5506-46DE-B298-22B40A1AC53E}" = lport=137 | protocol=17 | dir=in | app=system |
"{0AA5CE89-A77A-4757-92B2-D7E30CAD53BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E7B84DB-F90F-43DA-930D-0D2B7A5DDED6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1694F39F-18EC-4C96-B70A-27109C4351ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BB34782-108F-4A97-B5B3-D16A048C9478}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F546298-8D8F-49AE-8CED-8B3159E3BE60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{238E3AA7-5FF5-4698-8FC2-839E3B05B90C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B97A060-01B9-464D-90F4-1F89260D82F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{501CEE66-D192-4C82-AC2C-C1F6BB827891}" = rport=139 | protocol=6 | dir=out | app=system |
"{52B3B53B-B101-4921-91FB-173AF0A7CC32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66ACD5C7-AD67-48D3-92B6-0759D6B1D2DF}" = lport=138 | protocol=17 | dir=in | app=system |
"{66FCFC4A-1580-4485-BABD-93C227605AD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C9B72E1-A3CF-439F-A740-9EDFFCA6AD8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{894D64A4-E72E-4863-84F2-43FE163ED358}" = lport=445 | protocol=6 | dir=in | app=system |
"{913500D8-1C2B-462F-BF58-4541DE4DC077}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9F81B6C4-63DB-4556-9223-ECFE215348A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A90A3860-4152-4A63-8937-B37D955F3517}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C605E016-2586-4D87-A27F-973127F618BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C610A272-9A01-4ACA-B060-485F4EB40F77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD593D3D-2072-4F43-9240-F6EF230748EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D428B337-75C1-4639-9A7B-EBC770DCFFA4}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFF05929-D0AD-4A55-AC35-FD8C37CD4F65}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2B11C04-2D28-4AA5-88FA-22F281B25C7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E951439A-1DDD-4079-9114-1E037CACDB9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFBDAD25-182E-43DB-95B3-3617448953AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022F6FE7-BB40-4B4F-A01C-97B0DA32E360}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{0CBFB29E-9FDA-4B51-A5F2-ABFDBB30ED6A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{0E3459D2-D867-45BA-BB60-3B9F37109C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0E34F4ED-FCE7-4F1B-BFD4-D6B28D0FBE39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{1187BAC0-CBBF-4407-B2BE-4966E1C75133}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{139DFB7D-BC24-4DF0-AF67-6D3068EC5D6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{15FEA3FD-3270-416D-B395-0943453D993D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1C4E39B1-22EE-44D1-9629-02C27E78519B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FCB5E6A-618C-4753-BFD4-7571076D562A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2226D25C-6607-4E46-91DB-04159019138A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{2613FF77-A0EC-4152-B953-1E3FD53906C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{280468EE-C9A2-4D48-AC32-61C56FBD29E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2B8721F5-307A-41F0-A1DD-503F4AFA1DC9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2E2069EC-E6C6-4BAF-B95E-A776893F02A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3370A019-24D8-4123-AD1B-EC8E5949F771}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{346D1AB1-F7AF-46DD-9824-E09DFE1FC437}" = protocol=6 | dir=in | app=c:\program files (x86)\aro 2012\aro.exe |
"{357A31D4-291D-474B-ACAA-9A5A8FBEACC1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38920E50-AF20-4DF2-8890-2DC64BD17F83}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3EE51629-0DB7-46A0-B2F5-31B559DA9EA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{401F32E1-C5FC-4134-B253-DA7B648F6E81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{45628EC1-BDED-4EF4-9D7C-86E6C701A29A}" = protocol=6 | dir=out | app=system |
"{47BE1FCB-90BB-45E0-9B38-DC11236BFABC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{4CD93592-7B88-4A5A-9BCC-A0E5A65EE7EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{50A2064E-082A-481A-9079-36CCB64E0DC7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5319DF9B-0958-47C3-AFDA-213B0391FA4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5378508D-8EC3-4F47-975A-ECEBDBE89A78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57287207-686A-4C94-8274-8EDBF3B489F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5CE5FF8C-3169-425D-B1D0-A08E97BE0F99}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{7015B59B-F25A-4797-9E53-F8633BFBD87A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7709E18E-1C65-4C8B-A739-AE05DBC966D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7817BEC1-33A4-4DFA-9EE7-28C6879FDDC9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79089D4E-EAE8-4CB3-9F2D-1B9492EC6CAF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{792A6447-67DB-42A1-B541-01E4B37A0711}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{7B3E2B38-0275-459F-9964-1370B3A96C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{841E222E-4D04-45B8-8E47-E34C9591E21E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{875415CB-BB4A-4E83-8810-726104B1DF67}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9337481F-100E-4EF2-8D34-506F4A910DCA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96AA2319-782D-4171-945E-36FFF43DA275}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{9A036F34-0073-4FF9-9C6F-75C3EC2E4658}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9DAB4678-AA38-4D00-B2B5-16F2976A5034}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A36A07D2-752C-4FFE-ACDC-EEF55A3D1D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{A6436BBA-FA99-432A-BFBE-EB26B1DB251A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A897CC03-5D77-4A6B-A517-16E7FDEF3899}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{A95DD170-4CBD-4550-BE48-0BFFE1088732}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA850128-68A2-410E-ACC3-4C6CAD1438FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B03AC221-DCD6-4EAF-8A2C-964C8B392999}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B764461D-57A5-4AC0-9824-FA2AC7464890}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{C8EF57BC-E411-4824-9ED2-A4188AD8B0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\aro 2012\aro.exe |
"{CC898582-10B1-44AC-B54E-F291A455ECB3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D16A927F-BF4E-40F3-898B-DA11B9E44AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3FA51EE-18C7-4BFB-9615-04E9E616C9B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{E08DB9D2-550F-46A9-98EA-1830AD32F0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{E4983F17-5DF0-477B-A690-A440980F8E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E885DB68-D5C8-410D-8B77-1961FA468808}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F578A578-9395-4E0E-8A67-E274AB088A37}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F66AFBF8-0A77-4CD8-ABC3-2699A8D7A57B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{FFC000BD-199E-4F51-9CAB-AAD11CD4D5B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{5C72718B-9217-4E94-968B-8D63BAE712E0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{EA17B78B-42E2-4E74-9038-02CC935CD161}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{3E969FAA-F82F-4908-9D15-A628FBC2FAB5}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{C23E1459-B5AC-408A-AC6F-C6CD5A4A11A5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{BC20D4CC-C409-42A9-A783-B3ACBD5ABE91}" = AVG 2013
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ARO 2012_is1" = ARO 2012
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912D7753-0386-4792-8B53-BB8DE965571E}" = DRIVERfighter
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD2D46E2-3877-49AF-8EC7-A9F78B91DA81}" = Queensberry Fight Network
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Belarc Advisor" = Belarc Advisor 8.2
"DMUninstaller" = DMUninstaller
"DRIVERfighter" = DRIVERfighter
"ESET Online Scanner" = ESET Online Scanner v3
"fileopenerpro" = File Opener Pro
"Flash Player Pro_is1" = Flash Player Pro V5.4
"Free Download Manager_is1" = Free Download Manager 3.8
"GC" = GC
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"JetMP3" = JetMP3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PDF Complete" = PDF Complete Special Edition
"RealPlayer 16.0" = RealPlayer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WinLiveSuite" = Windows Live Essentials
"wp-adk" = Web Protect for Windows
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}" = iPumper Installer
"Google Chrome" = Google Chrome
"Should I Remove It 1.0.4" = Should I Remove It
"SySaver" = SySaver

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 10/2/2012 12:04:29 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description =

Error - 11/24/2012 6:42:55 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 20  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/24/2012 6:43:45 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/24/2012 6:44:35 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/24/2012 6:45:25 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/24/2012 6:45:32 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/24/2012 6:45:33 Eystad | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description =

Error - 11/26/2012 12:40:42 Norman | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/26/2012 12:41:32 Norman | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 

Error - 11/26/2012 12:41:57 Norman | Computer Name = newbuild2 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis()  Message: A device
attached to the system is not functioning  StackTrace:   at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo)     at System.Diagnostics.Process.Start()     at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

   at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis()  Source: System

Name:
HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe  Format: en-US  RAM: 4002  Ram Utilization: 30  TargetSite: Boolean
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) 


< End of report >
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 20, 2013, 06:28:04 PM
Hi, Johnson55.

You may need to reinstall Free Download Manager.

1.  Please do the following:

Warning:  This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzy0E0CyBtDyDtByCyBtCtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131799736
IE:64bit: - HKLM\..\SearchScopes\{AAED0B0E-16F4-4BEB-B27E-C963F5C20E4E}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{64FD455F-7F77-7952-06EB-7F0374E53D18}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS471
IE - HKU\S-1-5-21-1866074403-788936854-74266964-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR - Extension: No name found = C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_1msfindstuff277078719
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_0msmyhome717218745
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msstats-14252495
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msorganizer-1406118515
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msfollowing-678491532
@Alternate Data Stream - 1150 bytes -> C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msallalbums1017703031
[2013/09/19 17:56:53 | 000,000,000 | ---D | M] (SySaver) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
[2013/09/19 17:56:52 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
[2013/09/01 15:50:08 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\jmlcjfpwxfzifurkxgus@xrnittagljfuhwwlus.org

:Files
C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
C:\Users\jacobi678\AppData\Local\SySaver

:Reg
[HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SySaver"=-

:Commands
[emptyflash]
[EMPTYTEMP]

2.  After posting the resulting Fix log, please rescan as follows:  Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 20, 2013, 10:18:22 PM
Corrine,
I got OTL but I don't have OTL.exe; when I click on OTL I get a run option only.
I'm not sure how to get the exe and to save it.
Before I do anything I'd better be sure to do this right.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 20, 2013, 10:44:26 PM
Since you have OTL, you have OTL.exe.  That is what produced the logs that I created the fix from. 

If you move OTL from C:\Users\jacobi678\Downloads to your desktop, C:\Users\jacobi678\Desktop, you'll see the following image:

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.bleepstatic.com%2Ffhost%2Fuploads%2F0%2Fotlicon.png&hash=3463dbbaa83f33b2ccdc076df2653a23e822af5b)

When you double-click OTL, it will launch and you'll see the following:

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FOTL_Fix_zpse8d63d72.gif&hash=f2d9f981f805bcd784400011077356aa40df5b7f) (http://smg.photobucket.com/user/Corrine3/media/OTL_Fix_zpse8d63d72.gif.html)

Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 21, 2013, 03:54:15 PM

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAED0B0E-16F4-4BEB-B27E-C963F5C20E4E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAED0B0E-16F4-4BEB-B27E-C963F5C20E4E}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{64FD455F-7F77-7952-06EB-7F0374E53D18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64FD455F-7F77-7952-06EB-7F0374E53D18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 folder moved successfully.
C:\Users\jacobi678\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0 folder moved successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_1msfindstuff277078719 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:TASKICON_0msmyhome717218745 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msstats-14252495 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msorganizer-1406118515 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msfollowing-678491532 deleted successfully.
ADS C:\Users\jacobi678\Documents\Photobucket.website:DESTICON_msallalbums1017703031 deleted successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\windows folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\prop-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\text-base folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\props folder moved successfully.
C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\window folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\utils folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\traits folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\tabs folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\system folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\l10n folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\events folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\event\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\event\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\event\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\event\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resou
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 21, 2013, 04:02:39 PM
quick scan

OTL logfile created on: 9/21/2013 10:55:14 Norman - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jacobi678\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.48% Memory free
7.82 Gb Paging File | 6.38 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.74 Gb Total Space | 876.33 Gb Free Space | 95.28% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.43 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: NEWBUILD2 | User Name: jacobi678 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 22:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jacobi678\Desktop\OTL.exe
PRC - [2013/08/27 15:04:54 | 005,903,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/26 17:30:18 | 001,358,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/16 11:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 11:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
MOD - [2013/06/15 23:23:54 | 000,105,501 | ---- | M] () -- C:\Program Files (x86)\privoxy\cyggcc_s-1.dll
MOD - [2013/05/09 16:21:56 | 000,074,269 | ---- | M] () -- C:\Program Files (x86)\privoxy\cygz.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/09/20 09:41:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/26 17:30:18 | 001,358,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/08/24 15:09:28 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/09 07:37:18 | 000,264,008 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 02:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 02:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/14 17:31:03 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/10 00:17:28 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/09/09 23:56:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/09 23:56:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 05:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/27 12:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 06:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jacobi678\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jacobi678\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/30 15:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 14:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 14:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/24 15:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/30 15:56:56 | 000,000,000 | ---D | M]

[2012/02/23 15:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Extensions
[2013/09/21 10:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions
[2013/09/17 11:06:02 | 002,196,860 | ---- | M] () (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\firebug@software.joehewitt.com.xpi
[2012/11/14 15:00:41 | 000,011,658 | ---- | M] () (No name found) -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi
[2013/09/17 23:21:09 | 000,001,590 | ---- | M] () -- C:\Users\jacobi678\AppData\Roaming\Mozilla\Firefox\Profiles\azgatbp3.default\searchplugins\ixquick-https.xml
[2013/09/21 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/24 15:09:25 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2013/08/24 15:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/26 17:47:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/15 22:53:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AACA648C-CA36-4BFF-9259-744A8F274ACC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 10:45:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/21 00:14:12 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\AVG2014
[2013/09/21 00:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/20 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Local\Avg2014
[2013/09/20 23:57:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jacobi678\Desktop\OTL.exe
[2013/09/17 23:47:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/17 23:46:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/17 10:27:26 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Desktop\florence
[2013/09/15 22:41:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/15 22:36:32 | 005,128,653 | R--- | C] (Swearware) -- C:\Users\jacobi678\Desktop\ComboFix.exe
[2013/09/15 13:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/15 13:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/15 13:52:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/12 10:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/07 11:25:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/06 14:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/09/06 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Documents\Flash Player Pro
[2013/09/06 14:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/09/06 14:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/09/06 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/09/06 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPumper
[2013/09/06 14:10:18 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\iPumper
[2013/09/01 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/01 15:50:18 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/08/31 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\jacobi678\Documents\NaturalSoft
[2013/08/24 15:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/22 23:25:44 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/08/22 23:08:14 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/08/22 22:55:04 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/08/22 22:54:54 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys

========== Files - Modified Within 30 Days ==========

[2013/09/21 10:57:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:57:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:56:45 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/21 10:56:45 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/21 10:56:44 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/21 10:53:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/21 10:51:29 | 000,000,519 | ---- | M] () -- C:\Users\jacobi678\Desktop\Analysis and Malware Removal.website
[2013/09/21 10:51:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1866074403-788936854-74266964-1000UA.job
[2013/09/21 10:51:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/21 10:50:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 10:49:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 10:49:44 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/21 00:15:28 | 000,000,557 | ---- | M] () -- C:\Users\jacobi678\Desktop\WILDBLUE  Login to your Google start page.website
[2013/09/21 00:12:03 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/20 11:35:30 | 000,000,341 | ---- | M] () -- C:\Users\jacobi678\Desktop\Bostrom's Auctions.website
[2013/09/19 23:28:10 | 000,000,660 | ---- | M] () -- C:\Users\jacobi678\Desktop\System Demonstration - NESCAFÉ® Dolce Gusto®.website
[2013/09/19 22:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jacobi678\Desktop\OTL.exe
[2013/09/19 17:57:50 | 000,000,258 | RHS- | M] () -- C:\Users\jacobi678\ntuser.pol
[2013/09/18 23:51:06 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1866074403-788936854-74266964-1000Core.job
[2013/09/17 23:41:24 | 005,128,653 | R--- | M] (Swearware) -- C:\Users\jacobi678\Desktop\ComboFix.exe
[2013/09/17 10:02:32 | 000,000,548 | ---- | M] () -- C:\Users\jacobi678\Documents\Computer Problems, Questions and Solutions!.website
[2013/09/16 13:23:04 | 000,000,501 | ---- | M] () -- C:\Users\jacobi678\Desktop\belarus tractors for sale_mn. - Google Search.website
[2013/09/16 12:51:25 | 000,000,679 | ---- | M] () -- C:\Users\jacobi678\Desktop\Wanted 250 Belarus Parts wanted - Ottawa Farming Equipment For Sale - Kijiji Ottawa Canada..website
[2013/09/15 22:53:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/12 12:59:02 | 000,001,175 | ---- | M] () -- C:\Users\jacobi678\Desktop\sept 12.lnk
[2013/09/12 12:59:02 | 000,001,175 | ---- | M] () -- C:\Users\jacobi678\Documents\New folder.lnk
[2013/09/12 10:56:37 | 000,000,422 | ---- | M] () -- C:\Users\jacobi678\Desktop\9-14Misc (2).website
[2013/09/10 14:03:03 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/08 11:38:57 | 000,001,050 | ---- | M] () -- C:\Users\jacobi678\Documents\JRT - Shortcut.lnk
[2013/09/02 10:06:08 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjacobi678.job
[2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys

========== Files Created - No Company Name ==========

[2013/09/21 00:12:03 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/20 11:35:30 | 000,000,341 | ---- | C] () -- C:\Users\jacobi678\Desktop\Bostrom's Auctions.website
[2013/09/19 23:28:10 | 000,000,660 | ---- | C] () -- C:\Users\jacobi678\Desktop\System Demonstration - NESCAFÉ® Dolce Gusto®.website
[2013/09/17 10:28:43 | 000,000,548 | ---- | C] () -- C:\Users\jacobi678\Documents\Computer Problems, Questions and Solutions!.website
[2013/09/16 16:07:39 | 000,000,519 | ---- | C] () -- C:\Users\jacobi678\Desktop\Analysis and Malware Removal.website
[2013/09/15 13:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/15 13:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/15 13:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/15 13:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/15 13:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/12 17:04:33 | 000,000,679 | ---- | C] () -- C:\Users\jacobi678\Desktop\Wanted 250 Belarus Parts wanted - Ottawa Farming Equipment For Sale - Kijiji Ottawa Canada..website
[2013/09/12 16:55:37 | 000,000,501 | ---- | C] () -- C:\Users\jacobi678\Desktop\belarus tractors for sale_mn. - Google Search.website
[2013/09/12 12:59:20 | 000,001,175 | ---- | C] () -- C:\Users\jacobi678\Documents\New folder.lnk
[2013/09/12 12:56:54 | 000,001,175 | ---- | C] () -- C:\Users\jacobi678\Desktop\sept 12.lnk
[2013/09/12 10:56:37 | 000,000,422 | ---- | C] () -- C:\Users\jacobi678\Desktop\9-14Misc (2).website
[2013/09/08 11:56:15 | 000,001,050 | ---- | C] () -- C:\Users\jacobi678\Documents\JRT - Shortcut.lnk
[2013/08/26 17:47:15 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/26 10:30:34 | 000,003,715 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/06/16 15:13:13 | 000,000,258 | RHS- | C] () -- C:\Users\jacobi678\ntuser.pol
[2013/04/17 23:11:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/08 15:29:06 | 000,000,600 | ---- | C] () -- C:\Users\jacobi678\PUTTY.RND
[2012/04/08 15:07:33 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012/04/08 14:08:05 | 000,205,098 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/03/18 22:11:24 | 000,007,651 | ---- | C] () -- C:\Users\jacobi678\AppData\Local\resmon.resmoncfg
[2011/09/10 00:18:21 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/21 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\Audacity
[2012/11/30 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\AVG2013
[2013/09/21 00:14:12 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\AVG2014
[2012/02/20 15:26:29 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\Blio
[2013/09/16 18:12:24 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\Free Download Manager
[2012/05/22 13:53:53 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\InfraRecorder
[2013/09/06 14:13:08 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\iPumper
[2012/09/02 10:57:02 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\NewspaperDirect
[2013/05/16 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\QuickScan
[2012/02/15 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\Sammsoft
[2012/11/30 15:51:38 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\SoftGrid Client
[2012/03/01 00:16:18 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\TP
[2012/09/27 22:35:54 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\TuneUp Software
[2012/02/26 23:42:12 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\WinBatch
[2012/03/07 00:08:48 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\Windows Live Writer
[2012/02/16 21:35:51 | 000,000,000 | ---D | M] -- C:\Users\jacobi678\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 21, 2013, 05:07:00 PM
That is what I wanted to see!!! 

1.  If you could re-open the OTL Fix log and scroll to the bottom, I'd like to see what is shown after all of the entries with the following Mozilla Firefox entry:

C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org\resources\api-utils\lib\event\.svn\tmp folder moved successfully.

You can find the log, named by timestamp, here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log where the mmddyyyy etc. will be the date and time the fix was run.  Just copy from the bottom up to the end of the above-shown entries.  I won't need to see the rest of those.

2.  How is your computer now?
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 21, 2013, 07:27:16 PM
Corrine, hope you have patience,
========== FILES ==========
C:\Users\jacobi678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver folder moved successfully.
C:\Users\jacobi678\AppData\Local\SySaver folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-1866074403-788936854-74266964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SySaver not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jacobi678
->Flash cache emptied: 1562 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 b

I can't find a log named OTLfix, maybe this is what you wanted.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 21, 2013, 07:43:38 PM
That is what I wanted.  Thank you!

If everything is back to normal (or semi-normal :lol: ), I'll provide specific instructions for cleaning up the tools we used.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 21, 2013, 09:15:31 PM
Corrine,
Thanks, I think my computer is reasonably doing ok. Waiting for the cleanup process.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 22, 2013, 10:42:07 PM
Excellent! 

1.  Delete Junkware Removal Tool and Security Check from your desktop.

2.  Double-click on AdwCleaner.exe to run the tool again.

3.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).


4.  Finally, OTL CleanUp will handle the remaining programs.
If you did not reboot your computer normally, please do so now, before continuing.

5.  Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" (http://securitygarden.blogspot.com/p/blog-page.html).
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 23, 2013, 03:43:28 PM
Corrine,
I can't find adwcleaner, I must have deleted that a while ago. So I tried to download it again
but it won't download. I get a dialog yet that my download mgr needs redoing and I also
keep getting a message to update internet explorer. My IE is up to date. Strange stuff.
adwcleaner starts and then quits buffering. Should I go on with the rest of your instructions
or what do you suggest?
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 23, 2013, 04:52:50 PM
Hi, Johnson55.

You had indicated previously that you were having a problem with your download manager.  I gather you have not reinstalled it yet. 

From your original thread about the issues, it shows that you placed AdwCleaner in your Downloads folder.  Unless you deleted it, you can find it here:  C:\Users\jacobi678\Downloads\AdwCleaner.exe

Continue with the rest of the instructions.  Then see the information for IE 10 at Repair or reinstall Internet Explorer in Windows (http://support.microsoft.com/kb/318378).
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: johnson55 on September 23, 2013, 07:21:06 PM
Corrine,
Got the job done.
I deleted the download mgr. I'm not sure which one it was. Do I need one and how do I get a good one?
I hope this computer gets back to normal. I had my old XP windows for 10 years and never had much trouble.
I've had this one for 2 years and it don't stop. I thank you for all the time you spent on this and hope you and yours
are doing good.
Title: Re: I get to many pup or adware when running spybot & malware byts
Post by: Corrine on September 23, 2013, 07:44:11 PM
You're welcome, Johnson55!  I'm happy I was able to help.  Hubby is on the mend so all is well.

Personally, I haven't used a download manager since I made the move from dialup to broadband.  Due to the add-ons that I use for helping on forums as well as updating my blog, my primary browser is Firefox.  Although I use the downloads folder for general items, there are many things I want to go to a specific folder so I have it set to always ask where to save a file I'm downloading.