
BSOD/Redirect + Others [Solved]


  • This topic is locked

#1
gho

  • Member
  • 54 posts
I have been having a fair share of issues lately. I have been getting BSOD when I try to watch videos/TV or save pictures on my computer. I have had redirects to websites, toolbars that I don't remember accepting. My homepage has been changed to funmoods/avg and ilivid tabs popping up. I get BSOD when trying to run a full scan of Microsoft Security Essentials. Before it BSODs it tells me I have unwanted stuff on my computer. Quick scans in Microsoft Security Essentials come back with nothing. I get nothing when running a full scan of Malwarebytes Anti-Malware, which works fine. I downloaded Avast from this website and ran it and it said 625 infected files before the BSOD happened 5 hours into the scan. I had my video controller/VGA compatible driver yellow question mark on me. Now it's totally missing from my device driver. The Dell driver site isn't working correctly when I attempt to get the drivers I need but works on the other computers in the house. I have attempted to download Windows Defender Offline but it won't download to the CD. I got error code 0005-80004005 as the reason for it stopping.

This is my OTL txt. I will follow it with my BSOD info.

OTL logfile created on: 10/22/2012 7:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.08 Mb Total Physical Memory | 92.35 Mb Available Physical Memory | 18.39% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.44% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 29.87 Gb Free Space | 42.03% Space Free | Partition Type: NTFS

Computer Name: DCW-B947BB17513 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dave\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AIM7\aim.exe (AOL Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files\AIM7\nssckbi.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)
DRV - (speedfan) -- C:\WINDOWS\SYSTEM32\speedfan.sys (Almico Software)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (DMICall) -- C:\WINDOWS\SYSTEM32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (giveio) -- C:\WINDOWS\SYSTEM32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=1305979015
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1305979015

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_ENUS/120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....sa&d=2012-08-06 14:31:49&v=12.2.5.32&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-08-06 14:31:49&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9AB77FD1-C244-4BFC-9F29-12EB02615140}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1305979015
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "blekko"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.90
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.12
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.39
FF - prefs.js..keyword.URL: "https://isearch.avg....1:49&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/05 14:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\FinalVideoDownloader\Firefox [2012/07/30 15:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/14 23:23:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/14 23:23:45 | 000,000,000 | ---D | M]

[2012/03/25 15:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2012/10/22 13:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions
[2012/09/15 20:33:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/01 10:48:10 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/15 00:06:22 | 000,000,000 | ---D | M] ("Installation Assistant") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/15 00:44:31 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/22 13:55:43 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/07 19:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/07 11:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/22 13:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/01 10:48:19 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\searchplugins\Funmoods.xml
[2012/10/20 16:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/30 15:03:09 | 000,000,000 | ---D | M] (FinalVideoDownloader plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FINALVIDEODOWNLOADER\FIREFOX
[2012/03/31 15:20:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/13 00:45:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 05:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/06/22 23:21:37 | 000,001,982 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AIM Search.xml
[2012/08/30 16:09:38 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/28 22:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/07 19:07:25 | 000,002,167 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/13 00:43:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://blekko.com/ws...C9&tbp=homepage
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = http://searchfunmood...E&cr=1305979015
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws...C9&tbp=homepage
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\

O1 HOSTS File: ([2004/08/12 09:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps)
O2 - BHO: (Installation Assistant) - {11111111-1111-1111-1111-110111691112} - C:\Program Files\Installation Assistant\Installation Assistant.dll (Installation Assistant)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Download and Sa Class) - {DC962554-C5A4-7BBC-1425-1822092D2E3C} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa\5069ae1bb3aa9.ocx ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Driver Tool] C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5958BC62-B1C3-4A4F-87A9-1DF85B592DCA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 19:59:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/10/22 01:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/10/22 01:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Coupon Companion
[2012/10/22 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion
[2012/10/20 19:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/10/20 16:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/10/20 16:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/10/20 16:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Tool
[2012/10/20 16:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Tool
[2012/10/20 16:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Tool
[2012/10/20 14:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\SpeedFan
[2012/10/20 14:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/10/19 15:29:31 | 000,000,000 | -HSD | C] -- C:\found.008
[2012/10/17 01:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\Administrative Tools
[2012/10/15 00:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Optimizer Pro
[2012/10/15 00:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\Go PDF Reader
[2012/10/13 00:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/07 19:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Go PDF Reader
[2012/10/07 19:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Installation Assistant
[2012/10/07 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Go PDF Reader
[2012/10/07 19:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\blekkotb_005
[2012/10/07 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012/10/07 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Installation Assistant
[2012/10/01 10:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
[2012/10/01 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SendSpace
[2012/10/01 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Download and Sa
[2012/10/01 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa
[2012/10/01 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2008/02/21 15:42:22 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2005/05/11 03:35:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 19:35:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/22 19:24:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/22 19:14:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1275210071-839522115-1004.job
[2012/10/22 19:13:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/22 14:23:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1275210071-839522115-1004.job
[2012/10/21 11:26:19 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\burnaware.ini
[2012/10/21 02:35:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/20 15:48:41 | 000,235,008 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 14:07:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SpeedFan.lnk
[2012/10/20 14:07:00 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/10/19 20:43:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 01:16:56 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/14 01:14:45 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/10 15:53:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/07 19:06:54 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Optimizer Pro.lnk
[2012/10/01 10:47:51 | 000,290,500 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\funmoods-speeddial_sf.crx
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/27 01:49:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/20 14:07:22 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SpeedFan.lnk
[2012/10/20 14:06:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/10/07 19:06:53 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Optimizer Pro.lnk
[2012/10/01 10:48:08 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\funmoods-speeddial_sf.crx
[2012/09/27 10:36:00 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/17 13:56:24 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/06 15:02:42 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\burnaware.ini
[2012/07/31 21:36:16 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\d3d9caps.dat
[2012/03/28 17:21:21 | 000,723,230 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/03/28 17:21:21 | 000,208,824 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/03/21 15:34:42 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/20 19:08:16 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/19 20:02:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/19 19:56:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/19 14:45:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/19 14:44:35 | 000,105,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/26 15:21:31 | 000,390,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/28 16:10:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/02/21 15:44:56 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/02/21 15:44:17 | 003,955,352 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe

========== ZeroAccess Check ==========

[2012/03/28 18:10:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/25 22:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2012/10/21 02:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/10/12 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\blekko toolbars
[2012/10/22 16:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2012/03/28 17:21:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/10/01 10:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa
[2012/10/20 16:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Tool
[2012/10/01 10:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2012/10/01 10:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
[2012/10/20 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/05 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UpdaterService
[2012/03/25 18:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2012/04/01 13:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CometPlayer
[2012/07/30 15:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FinalVideoDownloader
[2012/10/07 19:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Go PDF Reader
[2012/10/01 10:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SendSpace
[2012/04/05 14:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\StreamTorrent
[2012/10/21 02:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\tigerplayer

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB5755$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

BSOD Info

==================================================
Dump File : Mini101912-02.dmp
Crash Time : 10/19/2012 7:08:37 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1878
Parameter 2 : 0xc000000e
Parameter 3 : 0xf830f302
Parameter 4 : 0x07137860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101912-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101912-01.dmp
Crash Time : 10/19/2012 3:18:58 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x82cc2b58
Parameter 3 : 0x82cc2ccc
Parameter 4 : 0x805fafec
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c8be
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c8be
Stack Address 1 : ntoskrnl.exe+157131
Stack Address 2 : ntoskrnl.exe+123faa
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101912-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101612-02.dmp
Crash Time : 10/16/2012 6:13:19 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0708390
Parameter 2 : 0xc000000e
Parameter 3 : 0xe1072394
Parameter 4 : 0x0a7168c0
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+3025
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101612-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101612-01.dmp
Crash Time : 10/16/2012 3:29:25 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc000000e
Parameter 2 : 0xc000000e
Parameter 3 : 0x00000000
Parameter 4 : 0x02d31000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+21ce3
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+381ac
Stack Address 2 : ntoskrnl.exe+38ee6
Stack Address 3 : ntoskrnl.exe+651b4
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101612-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101412-01.dmp
Crash Time : 10/14/2012 7:25:45 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x826f4940
Parameter 3 : 0x826f4ab4
Parameter 4 : 0x805c86bc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+21ce3
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+f0741
Stack Address 2 : ntoskrnl.exe+f1767
Stack Address 3 : ntoskrnl.exe+66738
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101412-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101312-04.dmp
Crash Time : 10/13/2012 11:53:44 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x19733860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101312-04.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101312-03.dmp
Crash Time : 10/13/2012 10:19:55 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xe1bf4700
Parameter 2 : 0xc000000e
Parameter 3 : 0xbf8d7659
Parameter 4 : 0x16a0d860
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+d7659
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6257 (xpsp_sp3_gdr.120703-1633)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101312-03.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101312-02.dmp
Crash Time : 10/13/2012 10:12:49 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x04a7f860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101312-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101312-01.dmp
Crash Time : 10/13/2012 12:40:43 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x1d0d1860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101312-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101212-02.dmp
Crash Time : 10/12/2012 11:02:19 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x1788a860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101212-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini101212-01.dmp
Crash Time : 10/12/2012 7:19:32 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x00e15860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ce3
Stack Address 1 : ntoskrnl.exe+3bab1
Stack Address 2 : ntoskrnl.exe+3c5d7
Stack Address 3 : ntoskrnl.exe+45b5c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101212-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini100612-01.dmp
Crash Time : 10/6/2012 12:48:44 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x044e6860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ca3
Stack Address 1 : ntoskrnl.exe+3ba71
Stack Address 2 : ntoskrnl.exe+3c597
Stack Address 3 : ntoskrnl.exe+45b1c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100612-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini100512-01.dmp
Crash Time : 10/5/2012 10:42:24 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x15035860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ca3
Stack Address 1 : ntoskrnl.exe+3ba71
Stack Address 2 : ntoskrnl.exe+3c597
Stack Address 3 : ntoskrnl.exe+45b1c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100512-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini091712-01.dmp
Crash Time : 9/17/2012 12:01:26 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x806d3753
Parameter 3 : 0xf8902c28
Parameter 4 : 0xf8902924
Caused By Driver : hal.dll
Caused By Address : hal.dll+2753
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : hal.dll+2753
Stack Address 1 : fltmgr.sys+17b6c
Stack Address 2 : fltmgr.sys+190ba
Stack Address 3 : fltmgr.sys+b8f7
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini091712-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini091312-01.dmp
Crash Time : 9/13/2012 11:17:36 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a08
Parameter 2 : 0xc000000e
Parameter 3 : 0xf834150c
Parameter 4 : 0x0b7ae860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+d50c
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ca3
Stack Address 1 : ntoskrnl.exe+3ba71
Stack Address 2 : ntoskrnl.exe+3c597
Stack Address 3 : ntoskrnl.exe+45b1c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini091312-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090312-01.dmp
Crash Time : 9/3/2012 1:42:59 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x806d3753
Parameter 3 : 0xf88fac28
Parameter 4 : 0xf88fa924
Caused By Driver : hal.dll
Caused By Address : hal.dll+2753
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : hal.dll+2753
Stack Address 1 : fltmgr.sys+17b6c
Stack Address 2 : fltmgr.sys+190ba
Stack Address 3 : fltmgr.sys+b8f7
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090312-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini082912-01.dmp
Crash Time : 8/29/2012 3:33:26 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc07c1a28
Parameter 2 : 0xc000000e
Parameter 3 : 0xf8345302
Parameter 4 : 0x09672860
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+11302
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21ca3
Stack Address 1 : ntoskrnl.exe+3ba71
Stack Address 2 : ntoskrnl.exe+3c597
Stack Address 3 : ntoskrnl.exe+45b1c
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082912-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini033112-01.dmp
Crash Time : 3/31/2012 11:47:13 AM
Bug Check String : CONFIG_LIST_FAILED
Bug Check Code : 0x00000073
Parameter 1 : 0x00000001
Parameter 2 : 0xc000017d
Parameter 3 : 0x00000001
Parameter 4 : 0xf896abb8
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+21cc5
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+21cc5
Stack Address 1 : ntoskrnl.exe+147c1b
Stack Address 2 : ntoskrnl.exe+14b561
Stack Address 3 : ntoskrnl.exe+141ee8
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini033112-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gho and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download the adwCleaner

  • Run the tool.
    (Windows Vista and Windows 7 users: right-click adwCleaner.exe and select the Run as Administrator option.)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the contents of this file into your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=1305979015
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1305979015
    IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....sa&d=2012-08-06 14:31:49&v=12.2.5.32&sap=hp
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-08-06 14:31:49&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1305979015
    FF - prefs.js..keyword.URL: "https://isearch.avg....1:49&sap=ku&q="
    [2012/10/22 13:55:43 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
    [2012/10/01 10:48:19 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\searchplugins\Funmoods.xml
    [2012/08/30 16:09:38 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    CHR - default_search_provider: Funmoods ()
    CHR - default_search_provider: search_url = http://searchfunmood...E&cr=1305979015
    O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps)
    O2 - BHO: (Installation Assistant) - {11111111-1111-1111-1111-110111691112} - C:\Program Files\Installation Assistant\Installation Assistant.dll (Installation Assistant)
    [2012/10/22 01:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Coupon Companion
    [2012/10/22 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion
    [2012/10/01 10:47:51 | 000,290,500 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\funmoods-speeddial_sf.crx

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles.

Step 3

Please don't forget to include these items in your reply:

  • adwCleaner log
  • OTL fix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
gho

    Member

  • Topic Starter
  • 54 posts
# AdwCleaner v2.005 - Logfile created 10/23/2012 at 12:15:43
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dave - DCW-B947BB17513
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dave\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Dave\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\searchplugins\funmoods.xml
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\Dave\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\Dave\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=bf3&chnl=bf3&cd=2XzuyEtN2Y1L1QzutDtDtCtCtDzy0B0CtCyC0EtB0CyD0EzytN0D0Tzu0CtByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1305979015 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={006ED779-93A6-42C9-9F3D-A8A7FA294D57}&mid=29645346af2647d08461d1584f58ff11-ff479fa31353f6380522a599cd42b796931d3294&lang=en&ds=gf011&pr=sa&d=2012-08-06 14:31:49&v=12.2.5.32&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\prefs.js

C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "blekko");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.5069ae1bb39c4.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationThankYouPage", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationTime", 1349651174);
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.active", true);
Deleted : user_pref("extensions.crossriderapp16912.16912.addressbar", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.backgroundjs", "\n\n/********************************[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp16912.16912.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp16912.16912.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.InstallationTime.value", "1349651174");
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.monetizeFingerprint.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.monetizeFingerprint.value", "%227c09685128388b[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.uti.edu/request-info/request-info-halogen/b/.e[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.cookie.uti.edu/request-info/request-info-halogen/b/.v[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.description", "Update and optimize your installation"[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.domain", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.group", 0);
Deleted : user_pref("extensions.crossriderapp16912.16912.homepage", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.iframe", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_appVer.value", "15");
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_nextCheck.expiration", "Tue Oct [...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.js", "\n\n /****************************************[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.name", "Installation Assistant");
Deleted : user_pref("extensions.crossriderapp16912.16912.newtab", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.opensearch", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_16.code", "(function(f,b){if(typeof(b)[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins_lists.plugins_0", "17,14,16,47");
Deleted : user_pref("extensions.crossriderapp16912.16912.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,2[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp16912.16912.pluginsversion", 1);
Deleted : user_pref("extensions.crossriderapp16912.16912.publisher", "Installation Assistant");
Deleted : user_pref("extensions.crossriderapp16912.16912.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp16912.16912.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp16912.16912.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.thankyou", "");
Deleted : user_pref("extensions.crossriderapp16912.16912.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp16912.16912.ver", 15);
Deleted : user_pref("extensions.crossriderapp16912.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp16912.apps", "16912");
Deleted : user_pref("extensions.crossriderapp16912.bic", "13683d4e8fc42c1cd2e47970b2625126");
Deleted : user_pref("extensions.crossriderapp16912.cid", 16912);
Deleted : user_pref("extensions.crossriderapp16912.firstrun", false);
Deleted : user_pref("extensions.crossriderapp16912.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp16912.installationdate", 1349651401);
Deleted : user_pref("extensions.crossriderapp16912.lastcheck", 22516720);
Deleted : user_pref("extensions.crossriderapp16912.lastcheckitem", 22516796);
Deleted : user_pref("extensions.crossriderapp16912.modetype", "production");
Deleted : user_pref("extensions.crossriderapp16912.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1333650252);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1333650252");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1333650252");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Tue Oct 23 2012 11:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Oct 28 2012 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1351007720");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346187225160");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pid.value", "%2221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2228301%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346011971420");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "91");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Tue Oct 23[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 16);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 91);
Deleted : user_pref("extensions.crossriderapp2258.73407340.InstallationTime", 1333651630);
Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_N[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.backgroundver", 15);
Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.cookie.InstallationTime.value", "1333651630");
Deleted : user_pref("extensions.crossriderapp2258.73407340.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.code", "Array.prototype.inde[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.name", "GPL Plugin (Loader)"[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.code", "var _GPL_BG={vars:{}[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.name", "GPL Background (BG)"[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.code", "(function(a){a.selectedTe[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.code", "if(typeof(appAPI)===\"und[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.code", "(function(f){var u={};var[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.code", "(function(f,b){if(typeof([...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.code", "if(typeof window!==\"unde[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.code", "(function(){appAPI.ready=[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.73407340.plugins_lists.plugins_1", "17,14,13,16,15,1000014")[...]
Deleted : user_pref("extensions.crossriderapp2258.73407340.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp2258.73407340.ver", 90);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "13683d4e8fc42c1cd2e47970b2625126");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1333651630);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22516720);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22516796);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340759337233");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340759337208");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1350882087);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1350882087");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1350882087");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Tue Oct 23 2012 11:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Mon Oct 29 2012 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1351007720");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1350882814008");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2296695%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1350882789534");
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "40");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Tue Oct 23[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 16);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 40);
Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13683d4e8fc42c1cd2e47970b2625126");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1350882772);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22516720);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22516796);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,downloader@final[...]
Deleted : user_pref("extensions.funmoods.aflt", "bf3");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "16EA929AA1BF7962B83F142F99908FE2");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=bf3&chnl=bf3&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "001109BC16E2C5E9");
Deleted : user_pref("extensions.funmoods.id", "001109BC16E2C5E9");
Deleted : user_pref("extensions.funmoods.instlDay", "15614");
Deleted : user_pref("extensions.funmoods.instlRef", "bf3");
Deleted : user_pref("extensions.funmoods.instlday", "15614");
Deleted : user_pref("extensions.funmoods.instlref", "bf3");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2210:47:38");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=bf3&chnl=bf3&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=bf3&chnl=bf3&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=bf3&chnl=bf3&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=bf3&chnl=bf3&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2210:47:38");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2210:47:38");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2210:47:38");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B20a2be5f-26b4-4b0e-b315-4c7c9fb18f8c[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.7] : homepage = "hxxp://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=822C96F02108DF7A425F7450720AFBC9&tbp=homepage",
Deleted [l.10] : urls_to_restore_on_startup = ["hxxp://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=822C96F02108DF7A425F7450720AFBC9&tbp=homepage"],
Deleted [l.34] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=bf3&chnl=bf3&cd=2XzuyEtN2Y1L1QzutDtDtCtCtDzy0B0CtCyC0EtB0CyD0EzytN0D0Tzu0CtByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1305979015",
Deleted [l.145] : homepage = "hxxp://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=822C96F02108DF7A425F7450720AFBC9&tbp=homepage",
Deleted [l.393] : urls_to_restore_on_startup = ["hxxp://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=822C96F02108DF7A425F7450720AFBC9&tbp=homepage", "hxxp://searchfunmoods.com/?f=1&a=bf3&chnl=bf3&cd=2XzuyEtN2Y1L1QzutDtDtCtCtDzy0B0CtCyC0EtB0CyD0EzytN0D0Tzu0CtByByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1305979015"],

*************************

AdwCleaner[S1].txt - [48471 octets] - [23/10/2012 12:15:43]

########## EOF - C:\AdwCleaner[S1].txt - [48532 octets] ##########

#4
gho

    Member

  • Topic Starter
  • 54 posts
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Prefs.js: "https://isearch.avg....1:49&sap=ku&q=" removed from keyword.URL
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\skin folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\extensionCode folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected] folder moved successfully.
File C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\searchplugins\Funmoods.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}\ deleted successfully.
C:\Program Files\Coupon Companion\Coupon Companion.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111691112}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111691112}\ deleted successfully.
C:\Program Files\Installation Assistant\Installation Assistant.dll moved successfully.
C:\Documents and Settings\Dave\Local Settings\Application Data\Coupon Companion\Chrome folder moved successfully.
C:\Documents and Settings\Dave\Local Settings\Application Data\Coupon Companion folder moved successfully.
C:\Program Files\Coupon Companion folder moved successfully.
C:\Documents and Settings\Dave\Local Settings\Application Data\funmoods-speeddial_sf.crx moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114716 bytes
->FireFox cache emptied: 5837408 bytes
->Flash cache emptied: 56468 bytes

User: Administrator.DCW-B947BB17513
->Temp folder emptied: 400 bytes
->Temporary Internet Files folder emptied: 115003 bytes

User: All Users

User: All Users.WINDOWS

User: Dave
->Temp folder emptied: 1372709602 bytes
->Temporary Internet Files folder emptied: 40557806 bytes
->FireFox cache emptied: 24916550 bytes
->Google Chrome cache emptied: 11065469 bytes
->Flash cache emptied: 173404 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: GOLDEN

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 61718030 bytes
->Java cache emptied: 633 bytes
->Flash cache emptied: 46435 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: My Pictures

User: NetworkService
->Temp folder emptied: 295392 bytes
->Temporary Internet Files folder emptied: 156149250 bytes
->Java cache emptied: 761 bytes
->Flash cache emptied: 59906 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 3336596 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: X2Z
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: X2Z.D954T171
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64348825 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 385433268 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 180992961 bytes

Total Files Cleaned = 2,204.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10232012_122937

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's install the free Avast again and do a Boot scan:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you. If the scan hangs, that may indicate a hardware problem.

#6
gho

    Member

  • Topic Starter
  • 54 posts
I ran the scan; it has gone to 100% complete on the scanning. It now says continuing with boot. That has been up a good half hour now. Was it supposed to kick straight through after the scan, or is the continuing with boot supposed to be taking a while as well?

#7
gho

    Member

  • Topic Starter
  • 54 posts
Dell site seems to be working again on the computer. Which download do I need to get my video controller back on my computer? Service Tag 954T171

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gho,

Which download do I need to get my video controller back on my computer? Service Tag 954T171


First we need to make sure your system is clean. After that we will continue with drivers installation.

Step 1

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 2

Please don't forget to include these items in your reply:

  • OTL scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#9
gho

    Member

  • Topic Starter
  • 54 posts
OTL logfile created on: 10/25/2012 1:56:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dave\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.08 Mb Total Physical Memory | 232.14 Mb Available Physical Memory | 46.24% Memory free
1.20 Gb Paging File | 0.95 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 30.71 Gb Free Space | 43.22% Space Free | Partition Type: NTFS

Computer Name: DCW-B947BB17513 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dave\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AIM7\aim.exe (AOL Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AIM7\nssckbi.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)
DRV - (speedfan) -- C:\WINDOWS\SYSTEM32\speedfan.sys (Almico Software)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (DMICall) -- C:\WINDOWS\SYSTEM32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (giveio) -- C:\WINDOWS\SYSTEM32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_ENUS/120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9AB77FD1-C244-4BFC-9F29-12EB02615140}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.12
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/05 14:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\FinalVideoDownloader\Firefox [2012/07/30 15:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/14 23:23:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/23 12:16:05 | 000,000,000 | ---D | M]

[2012/03/25 15:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2012/10/23 12:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions
[2012/09/15 20:33:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/01 10:48:10 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/15 00:06:22 | 000,000,000 | ---D | M] ("Installation Assistant") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]
[2012/10/07 19:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\2m4oqlxg.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/20 16:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/30 15:03:09 | 000,000,000 | ---D | M] (FinalVideoDownloader plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FINALVIDEODOWNLOADER\FIREFOX
[2012/03/31 15:20:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/13 00:45:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 05:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/06/22 23:21:37 | 000,001,982 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AIM Search.xml
[2012/08/28 22:51:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/07 19:07:25 | 000,002,167 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/13 00:43:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2004/08/12 09:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Download and Sa Class) - {DC962554-C5A4-7BBC-1425-1822092D2E3C} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa\5069ae1bb3aa9.ocx ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Driver Tool] C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5958BC62-B1C3-4A4F-87A9-1DF85B592DCA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 19:59:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/23 15:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2012/10/23 12:29:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/22 23:39:27 | 000,000,000 | ---D | C] -- C:\Intel
[2012/10/22 01:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/10/22 01:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/10/20 19:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/10/20 16:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/10/20 16:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/10/20 16:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Tool
[2012/10/20 16:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Driver Tool
[2012/10/20 16:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Tool
[2012/10/20 14:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\SpeedFan
[2012/10/20 14:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/10/19 15:29:31 | 000,000,000 | -HSD | C] -- C:\found.008
[2012/10/17 01:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\Administrative Tools
[2012/10/15 00:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Optimizer Pro
[2012/10/15 00:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Start Menu\Programs\Go PDF Reader
[2012/10/13 00:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/07 19:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Go PDF Reader
[2012/10/07 19:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Installation Assistant
[2012/10/07 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Go PDF Reader
[2012/10/07 19:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\blekkotb_005
[2012/10/07 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012/10/07 19:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Installation Assistant
[2012/10/01 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\SendSpace
[2012/10/01 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Download and Sa
[2012/10/01 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa
[2008/02/21 15:42:22 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2005/05/11 03:35:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2012/10/25 01:42:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/25 01:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/25 01:32:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1275210071-839522115-1004.job
[2012/10/25 01:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/24 23:09:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/24 21:42:37 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\burnaware.ini
[2012/10/23 01:32:14 | 000,235,008 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/22 14:23:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1275210071-839522115-1004.job
[2012/10/20 14:07:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SpeedFan.lnk
[2012/10/20 14:07:00 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/10/19 20:43:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/14 01:16:56 | 000,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/14 01:14:45 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/10 15:53:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/07 19:06:54 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Optimizer Pro.lnk
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/27 01:49:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/10/20 14:07:22 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SpeedFan.lnk
[2012/10/20 14:06:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/10/07 19:06:53 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Optimizer Pro.lnk
[2012/09/27 10:36:00 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/17 13:56:24 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/06 15:02:42 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\burnaware.ini
[2012/07/31 21:36:16 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\d3d9caps.dat
[2012/03/28 17:21:21 | 000,723,230 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/03/28 17:21:21 | 000,208,824 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/03/21 15:34:42 | 000,235,008 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/20 19:08:16 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/19 20:02:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/19 19:56:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/19 14:45:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/19 14:44:35 | 000,105,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/26 15:21:31 | 000,390,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/28 16:10:07 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/02/21 15:44:56 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008/02/21 15:44:17 | 003,955,352 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe

========== ZeroAccess Check ==========

[2012/03/28 18:10:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/25 22:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2012/10/24 23:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2012/10/23 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2012/03/28 17:21:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/10/24 23:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Download and Sa
[2012/10/20 16:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Tool
[2012/10/20 16:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2012/04/05 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UpdaterService
[2012/03/25 18:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\acccore
[2012/04/01 13:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\CometPlayer
[2012/07/30 15:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\FinalVideoDownloader
[2012/10/07 19:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Go PDF Reader
[2012/10/01 10:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SendSpace
[2012/04/05 14:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\StreamTorrent
[2012/10/21 02:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\tigerplayer

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB5755$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looking good. How is your system now? Any trace of malware that you can see?
  • 0

#11
gho

gho

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
It's running okay. I haven't tried to save anything or play any videos. Earlier today after the boot scan I got a couple of "not less or equal" blue screens. Then tonight I tried to run a full MSE scan and it blue screened on me. I deleted the avast tonight because it was really slowing down my computer. It seems to run much smoother when MSE is running.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

I deleted the avast tonight because it was really slowing down my computer. It seems to run much smoother when MSE is running.


You are right. You must leave only one antivirus on your system. Let's try these steps to stop the BSODs.


Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart + Disk Check

Let it restart your system and do the defragment and disk check for you. After this, test your system for a couple of hours and let me know the results.
  • 0

#13
gho

gho

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Okay, will do it first thing in the morning. Should I try to get my video controller after that so I can try to watch videos and stuff like normal? Not really sure which download contains the controller on the Dell site.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

Should I try to get my video controller after that so I can try to watch videos and stuff like normal? Not really sure which download contains the controller on the dell site.


Can you describe your problem with the video card? Do you have problems watching videos, or can't you play games either?
  • 0

#15
gho

gho

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
It doesn't show up in my device manager anymore. It was yellow question marks on the controller and the VGA when I checked my device manager when some of these problems started. I tried to update or fix them through the device manager and they just vanished on me. Since then I haven't been able to play videos without blue screening. UFC didn't work, then this past weekend football wouldn't work. Most of the time it would blue screen after 5 min or so. YouTube was incredibly laggy and unbearable to use. Haven't played any games recently.
  • 0





