incredibar virus [Closed]


#1
bigredyeeha

Hello, my computer has been infected with multiple malware, including Incredibar and WhiteSmoke. Here is the OTL log:

OTL logfile created on: 12/10/2012 5:37:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigred\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 49.93% Memory free
7.60 Gb Paging File | 4.80 Gb Available in Paging File | 63.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 122.21 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGRED-HP | User Name: bigred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 17:36:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Downloads\OTL.exe
PRC - [2012/12/03 13:57:32 | 034,199,424 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/11/26 11:12:42 | 003,569,512 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2012/11/26 11:12:42 | 000,196,456 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2012/11/26 11:12:42 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2012/11/26 11:12:42 | 000,082,792 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2012/11/26 11:12:42 | 000,014,696 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2012/11/08 16:58:24 | 016,070,136 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/11/08 12:16:41 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 12:16:41 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/27 12:43:04 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\bigred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/05/03 10:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/15 11:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/09 00:57:00 | 001,694,128 | ---- | M] (iMesh, Inc) -- C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2011/07/06 19:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/14 09:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/10 17:29:17 | 000,254,976 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.10_0\plugins\npDefaultTabSearch.dll
MOD - [2012/12/10 14:03:51 | 001,024,024 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\windows._cacheinvalidation.pyd
MOD - [2012/12/10 14:03:51 | 000,792,576 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._gdi_.pyd
MOD - [2012/12/10 14:03:51 | 000,731,136 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._misc_.pyd
MOD - [2012/12/10 14:03:51 | 000,645,120 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\_ssl.pyd
MOD - [2012/12/10 14:03:51 | 000,571,392 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\pysqlite2._sqlite.pyd
MOD - [2012/12/10 14:03:51 | 000,354,304 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\pythoncom26.dll
MOD - [2012/12/10 14:03:51 | 000,263,168 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32com.shell.shell.pyd
MOD - [2012/12/10 14:03:51 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32security.pyd
MOD - [2012/12/10 14:03:51 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\PyWinTypes26.dll
MOD - [2012/12/10 14:03:51 | 000,096,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32api.pyd
MOD - [2012/12/10 14:03:51 | 000,086,016 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\_elementtree.pyd
MOD - [2012/12/10 14:03:51 | 000,073,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\_ctypes.pyd
MOD - [2012/12/10 14:03:51 | 000,070,656 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._html2.pyd
MOD - [2012/12/10 14:03:51 | 000,040,448 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\_socket.pyd
MOD - [2012/12/10 14:03:51 | 000,023,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32ts.pyd
MOD - [2012/12/10 14:03:51 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32profile.pyd
MOD - [2012/12/10 14:03:51 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32crypt.pyd
MOD - [2012/12/10 14:03:50 | 001,169,408 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._core_.pyd
MOD - [2012/12/10 14:03:50 | 000,807,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._windows_.pyd
MOD - [2012/12/10 14:03:50 | 000,311,808 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\_hashlib.pyd
MOD - [2012/12/10 14:03:50 | 000,121,856 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._wizard.pyd
MOD - [2012/12/10 14:03:50 | 000,111,104 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32file.pyd
MOD - [2012/12/10 14:03:50 | 000,039,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32inet.pyd
MOD - [2012/12/10 14:03:50 | 000,036,352 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32process.pyd
MOD - [2012/12/10 14:03:50 | 000,022,528 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32pdh.pyd
MOD - [2012/12/10 14:03:49 | 001,056,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\wx._controls_.pyd
MOD - [2012/12/10 14:03:49 | 000,585,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\unicodedata.pyd
MOD - [2012/12/10 14:03:49 | 000,153,088 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\pyexpat.pyd
MOD - [2012/12/10 14:03:49 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\win32event.pyd
MOD - [2012/12/10 14:03:49 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23362\select.pyd
MOD - [2012/11/27 19:43:17 | 000,460,904 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/27 19:43:16 | 012,456,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/27 19:43:15 | 004,008,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/27 19:42:30 | 000,587,880 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/27 19:42:29 | 000,124,520 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/27 19:42:22 | 000,157,304 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/27 19:42:21 | 002,168,952 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/27 19:42:21 | 000,275,576 | ---- | M] () -- C:\Users\bigred\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012/11/16 12:52:38 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87cabb0fdab32b869f1b180d10336ee0\IAStorUtil.ni.dll
MOD - [2012/11/16 12:29:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/16 12:29:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 12:29:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/16 12:28:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 12:28:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 12:28:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 12:28:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll
MOD - [2012/11/16 12:28:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 12:28:04 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 12:27:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/08 12:16:41 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 12:16:41 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 12:16:41 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/09/25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012/09/25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012/09/25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/08/16 03:44:16 | 000,436,344 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/26 11:12:42 | 003,569,512 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2012/11/26 11:12:42 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2012/11/26 11:12:42 | 000,014,696 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2012/11/12 10:57:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/08 12:16:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/07 21:30:32 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/10 14:04:15 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/11/19 11:44:05 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/11/08 12:16:41 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 08:14:40 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/01 01:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 18:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}
IE - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000c0cb3865fdbb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-26 14:04:18&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10}: "URL" = http://som.startnow....eferrer:source}
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\..\SearchScopes\{D860F854-D0FA-478B-AD33-C964539D75DB}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2CE6E4D-57C5-467F-8599-01193454C044}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylo...00c0cb3865fdbb"
FF - prefs.js..extensions.enabledAddons: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.5.0.01
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.25
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.485
FF - prefs.js..extensions.enabledAddons: {cce665dd-f6dd-4808-968e-eaec971f70ef}:10.10.27.6
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.34
FF - prefs.js..keyword.URL: "http://search.babylo...0cb3865fdbb&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\bigred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\bigred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\bigred\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/16 01:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 12:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 12:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/16 01:03:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/21 14:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/21 14:19:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 12:25:45 | 000,000,000 | ---D | M]

[2011/11/15 18:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Extensions
[2012/12/09 18:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions
[2011/11/15 18:53:38 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/10/11 10:59:10 | 000,000,000 | ---D | M] (Vgrabber Community Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
[2012/10/11 10:59:12 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/10/11 10:59:28 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2012/04/17 13:41:46 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2012/11/20 21:21:26 | 000,000,000 | ---D | M] (DealCabby) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2012/11/16 13:49:41 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]lon.com
[2012/07/26 20:16:41 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2012/10/11 11:05:46 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2012/07/26 20:14:58 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2012/08/17 09:52:40 | 000,022,392 | ---- | M] () (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2011/09/27 21:32:08 | 000,001,945 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\bing-zugo.xml
[2012/08/17 09:54:00 | 000,000,919 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\conduit.xml
[2012/07/26 20:16:07 | 000,002,203 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\MyStart Search.xml
[2012/10/12 09:08:29 | 000,002,030 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\search-here.xml
[2011/11/15 18:53:34 | 000,002,515 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Search_Results.xml
[2012/02/19 16:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 04:09:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/19 16:34:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/11/15 18:53:42 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012/09/16 01:03:59 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/09/26 13:04:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/07 23:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 15:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 15:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/11/08 12:16:43 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/20 21:21:28 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/05/30 17:53:12 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2012/05/27 23:20:36 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/11/15 18:53:34 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Wajam (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.8_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhffggcfjnkigeciffmipblemhphbjl\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\bigred\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DefaultTab = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.10_0\
CHR - Extension: DefaultTab = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.8_0\
CHR - Extension: SaveValet = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb\1.7.3.4_0\
CHR - Extension: AVG Secure Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: AVG Secure Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: OneClickDownload = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.1_0\
CHR - Extension: OneClickDownload = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\

O1 HOSTS File: ([2010/05/13 16:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
O2:64bit: - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot-x64.dll (RebateRobot)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DealCabby) - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - C:\Users\bigred\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll File not found
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz1.dll (Conduit Ltd.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify] C:\Users\bigred\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\bigred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: NameServer = 216.146.35.240,216.146.36.240,68.105.28.12,68.105.29.12,68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5B1F85-3362-4502-B466-8FA0186AD10E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9486e8cb-1373-11e2-a53b-99e9285c36f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9486e8cb-1373-11e2-a53b-99e9285c36f1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
O33 - MountPoints2\{ef76c781-e917-11e1-ada3-c54c09a802e6}\Shell - "" = AutoRun
O33 - MountPoints2\{ef76c781-e917-11e1-ada3-c54c09a802e6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/09 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Las Vegas Trade Shows Gift Shows ASD LV_files
[2012/12/09 20:31:58 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Celtic
[2012/12/09 14:19:24 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Call of Cthulhu Related Texts The Necronomicon pdf - Free Download from crocko - FilesTube.com_files
[2012/12/09 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Van-Van Annointing Oil_files
[2012/12/09 12:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/08 13:45:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents of England_files
[2012/12/08 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Russia_files
[2012/12/08 13:43:25 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Scotland_files
[2012/12/08 12:20:51 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Parent Trap 3 and 4 Hawaiian Honeymoon DVD set FREE SHIPPING WORLDWIDE for sale (23XQVZ) Sell.com_files
[2012/12/08 12:19:23 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\The Parent Trap 3 & 4 Hawaiian Honeymoon for sale_files
[2012/12/07 04:27:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Animal Totems and Animal Symbolism_files
[2012/12/06 22:20:58 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\thru_the_years_files
[2012/12/06 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Appliance Parts Center Las Vegas_files
[2012/12/06 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Identify Animal Totems_files
[2012/12/06 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Animal Totem - How to find your Animal Totem_files
[2012/12/06 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Native American Indian Crafts, Craft Supplies - FREE Patterns_files
[2012/12/05 17:38:17 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\The Meaning of Colors Wicca-Spirituality.com_files
[2012/12/05 17:05:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Heaven and Earth Jewelry - Crystal & Mineral Gallery_files
[2012/12/05 17:01:10 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\{3FA2CCFC-4953-44B9-9BB3-260FF1ADCD6A}
[2012/12/04 14:16:32 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\lectra modaris v6 - Google Search_files
[2012/12/04 14:16:22 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Apparel design, cutting machine and fashion plm solutions_files
[2012/12/04 14:05:59 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\Gerber Accumark Family Apparel Design 8.2.0.156 (Working Crack With Detailed install instructions)
[2012/12/03 15:30:08 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\SlimWare Utilities Inc
[2012/12/03 15:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/12/03 15:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/12/03 15:28:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/12/03 14:39:35 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\NextBook
[2012/12/03 00:22:14 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Design Your Own Barnes & Noble NOOK Tablet Custom Skin - Barnes & Noble NOOK Tablet_files
[2012/12/02 16:11:30 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\EZTV - TV Torrents Online_files
[2012/12/02 13:04:15 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\THE ART OF WOODWORKING
[2012/11/27 17:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/27 17:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/21 14:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/11/21 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/11/20 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/20 21:21:25 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\dealcabby
[2012/11/20 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/11/20 00:12:07 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\AnyDVDHD
[2012/11/19 08:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/11/19 08:27:38 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Malwarebytes
[2012/11/19 08:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/16 13:49:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\GoogleChromePackages
[2012/11/16 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/11/16 13:49:35 | 000,321,384 | ---- | C] (Sendori) -- C:\Windows\SysWow64\Sendori.dll
[2012/11/16 13:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sendori
[2012/11/16 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sendori
[2012/11/16 13:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/16 13:49:18 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Babylon
[2012/11/14 17:14:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Diet
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/10 17:32:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2012/12/10 17:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/10 14:55:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2012/12/10 14:12:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 14:12:57 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 14:06:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2012/12/10 14:04:15 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/12/10 14:03:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/10 14:03:42 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/12/10 14:03:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/10 14:03:37 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 22:29:46 | 000,100,796 | ---- | M] () -- C:\Users\bigred\Desktop\Las Vegas Trade Shows Gift Shows ASD LV.htm
[2012/12/09 21:32:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2012/12/09 20:55:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2012/12/09 14:19:24 | 000,102,921 | ---- | M] () -- C:\Users\bigred\Desktop\Call of Cthulhu Related Texts The Necronomicon pdf - Free Download from crocko - FilesTube.com.htm
[2012/12/09 12:46:12 | 000,056,868 | ---- | M] () -- C:\Users\bigred\Desktop\Van-Van Annointing Oil.htm
[2012/12/09 12:34:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/09 00:15:51 | 000,759,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/09 00:15:51 | 000,648,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/09 00:15:51 | 000,114,912 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/08 13:45:02 | 000,114,305 | ---- | M] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents of England.htm
[2012/12/08 13:43:44 | 000,084,960 | ---- | M] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Russia.htm
[2012/12/08 13:43:25 | 000,087,283 | ---- | M] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Scotland.htm
[2012/12/08 12:20:51 | 000,130,135 | ---- | M] () -- C:\Users\bigred\Desktop\Parent Trap 3 and 4 Hawaiian Honeymoon DVD set FREE SHIPPING WORLDWIDE for sale (23XQVZ) Sell.com.htm
[2012/12/08 12:19:23 | 000,153,604 | ---- | M] () -- C:\Users\bigred\Desktop\The Parent Trap 3 & 4 Hawaiian Honeymoon for sale.htm
[2012/12/07 04:27:00 | 000,143,794 | ---- | M] () -- C:\Users\bigred\Desktop\Animal Totems and Animal Symbolism.htm
[2012/12/06 22:20:58 | 000,032,143 | ---- | M] () -- C:\Users\bigred\Desktop\thru_the_years.htm
[2012/12/06 22:20:21 | 000,077,101 | ---- | M] () -- C:\Users\bigred\Desktop\66 chevelle SS 396 003.jpg
[2012/12/06 21:03:12 | 000,144,104 | ---- | M] () -- C:\Users\bigred\Desktop\Appliance Parts Center Las Vegas.htm
[2012/12/06 17:59:39 | 000,175,838 | ---- | M] () -- C:\Users\bigred\Desktop\Identify Animal Totems.htm
[2012/12/06 17:57:37 | 000,105,626 | ---- | M] () -- C:\Users\bigred\Desktop\Animal Totem - How to find your Animal Totem.htm
[2012/12/06 17:45:46 | 000,086,348 | ---- | M] () -- C:\Users\bigred\Desktop\Native American Indian Crafts, Craft Supplies - FREE Patterns.htm
[2012/12/06 12:50:12 | 000,086,898 | ---- | M] () -- C:\Users\bigred\Desktop\CyberMoon Emporium WitchCraft Supplies Premier WitchCraft Store, Wiccan Supplies Store, Metaphysical Supplies Store, Occult Supplies Store, New Age Supplies Store, wiccan jewelry, Witch Supplies, Witch Store, witch jewelry, Pagan.htm
[2012/12/05 17:05:00 | 000,146,020 | ---- | M] () -- C:\Users\bigred\Desktop\Heaven and Earth Jewelry - Crystal & Mineral Gallery.htm
[2012/12/04 14:16:32 | 000,292,729 | ---- | M] () -- C:\Users\bigred\Desktop\lectra modaris v6 - Google Search.htm
[2012/12/04 14:16:22 | 000,102,628 | ---- | M] () -- C:\Users\bigred\Desktop\Apparel design, cutting machine and fashion plm solutions.htm
[2012/12/04 14:05:05 | 000,000,117 | ---- | M] () -- C:\Users\bigred\Documents\1Click.cfg
[2012/12/04 02:07:50 | 000,049,035 | ---- | M] () -- C:\Users\bigred\Desktop\309110_10151107589842644_1856268295_n.jpg
[2012/12/03 15:46:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/12/03 15:28:42 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2012/12/03 10:41:13 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/12/03 10:41:13 | 000,001,848 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/12/03 00:22:14 | 000,236,549 | ---- | M] () -- C:\Users\bigred\Desktop\Design Your Own Barnes & Noble NOOK Tablet Custom Skin - Barnes & Noble NOOK Tablet.htm
[2012/12/02 16:11:30 | 000,194,302 | ---- | M] () -- C:\Users\bigred\Desktop\EZTV - TV Torrents Online.htm
[2012/12/01 21:00:32 | 000,029,135 | ---- | M] () -- C:\Users\bigred\Desktop\GE Defrost-Heater-Assembly-Manufacturer Number WR51X10101.jpg
[2012/11/28 16:15:29 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/11/27 17:35:14 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigred.job
[2012/11/27 17:22:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/26 11:12:42 | 000,321,384 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll
[2012/11/20 19:43:35 | 000,000,318 | ---- | M] () -- C:\Users\bigred\Desktop\Curse Client.appref-ms
[2012/11/19 11:44:05 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/11/19 11:39:58 | 000,007,520 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/11/16 12:16:40 | 005,015,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/09 22:29:45 | 000,100,796 | ---- | C] () -- C:\Users\bigred\Desktop\Las Vegas Trade Shows Gift Shows ASD LV.htm
[2012/12/09 14:19:21 | 000,102,921 | ---- | C] () -- C:\Users\bigred\Desktop\Call of Cthulhu Related Texts The Necronomicon pdf - Free Download from crocko - FilesTube.com.htm
[2012/12/09 12:46:12 | 000,056,868 | ---- | C] () -- C:\Users\bigred\Desktop\Van-Van Annointing Oil.htm
[2012/12/08 13:45:01 | 000,114,305 | ---- | C] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents of England.htm
[2012/12/08 13:43:44 | 000,084,960 | ---- | C] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Russia.htm
[2012/12/08 13:43:23 | 000,087,283 | ---- | C] () -- C:\Users\bigred\Desktop\IDEA - Dialects & Accents Of Scotland.htm
[2012/12/08 12:20:50 | 000,130,135 | ---- | C] () -- C:\Users\bigred\Desktop\Parent Trap 3 and 4 Hawaiian Honeymoon DVD set FREE SHIPPING WORLDWIDE for sale (23XQVZ) Sell.com.htm
[2012/12/08 12:19:21 | 000,153,604 | ---- | C] () -- C:\Users\bigred\Desktop\The Parent Trap 3 & 4 Hawaiian Honeymoon for sale.htm
[2012/12/07 04:26:59 | 000,143,794 | ---- | C] () -- C:\Users\bigred\Desktop\Animal Totems and Animal Symbolism.htm
[2012/12/06 22:20:57 | 000,032,143 | ---- | C] () -- C:\Users\bigred\Desktop\thru_the_years.htm
[2012/12/06 22:20:20 | 000,077,101 | ---- | C] () -- C:\Users\bigred\Desktop\66 chevelle SS 396 003.jpg
[2012/12/06 21:03:12 | 000,144,104 | ---- | C] () -- C:\Users\bigred\Desktop\Appliance Parts Center Las Vegas.htm
[2012/12/06 17:59:32 | 000,175,838 | ---- | C] () -- C:\Users\bigred\Desktop\Identify Animal Totems.htm
[2012/12/06 17:57:35 | 000,105,626 | ---- | C] () -- C:\Users\bigred\Desktop\Animal Totem - How to find your Animal Totem.htm
[2012/12/06 17:45:43 | 000,086,348 | ---- | C] () -- C:\Users\bigred\Desktop\Native American Indian Crafts, Craft Supplies - FREE Patterns.htm
[2012/12/06 12:50:12 | 000,086,898 | ---- | C] () -- C:\Users\bigred\Desktop\CyberMoon Emporium WitchCraft Supplies Premier WitchCraft Store, Wiccan Supplies Store, Metaphysical Supplies Store, Occult Supplies Store, New Age Supplies Store, wiccan jewelry, Witch Supplies, Witch Store, witch jewelry, Pagan.htm
[2012/12/05 17:04:59 | 000,146,020 | ---- | C] () -- C:\Users\bigred\Desktop\Heaven and Earth Jewelry - Crystal & Mineral Gallery.htm
[2012/12/04 14:16:32 | 000,292,729 | ---- | C] () -- C:\Users\bigred\Desktop\lectra modaris v6 - Google Search.htm
[2012/12/04 14:16:20 | 000,102,628 | ---- | C] () -- C:\Users\bigred\Desktop\Apparel design, cutting machine and fashion plm solutions.htm
[2012/12/04 02:07:50 | 000,049,035 | ---- | C] () -- C:\Users\bigred\Desktop\309110_10151107589842644_1856268295_n.jpg
[2012/12/03 15:46:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/12/03 15:30:12 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2012/12/03 15:30:09 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/12/03 15:28:42 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2012/12/03 00:22:11 | 000,236,549 | ---- | C] () -- C:\Users\bigred\Desktop\Design Your Own Barnes & Noble NOOK Tablet Custom Skin - Barnes & Noble NOOK Tablet.htm
[2012/12/02 16:11:30 | 000,194,302 | ---- | C] () -- C:\Users\bigred\Desktop\EZTV - TV Torrents Online.htm
[2012/12/01 21:00:32 | 000,029,135 | ---- | C] () -- C:\Users\bigred\Desktop\GE Defrost-Heater-Assembly-Manufacturer Number WR51X10101.jpg
[2012/11/27 17:22:55 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/20 21:22:07 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2012/11/20 21:22:07 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2012/11/20 19:43:35 | 000,000,318 | ---- | C] () -- C:\Users\bigred\Desktop\Curse Client.appref-ms
[2012/11/19 11:44:05 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/11/19 11:39:58 | 000,007,520 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/11/16 02:01:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 01:48:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/08/08 18:57:57 | 000,027,520 | ---- | C] () -- C:\Users\bigred\AppData\Local\dt.dat
[2012/07/26 20:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\kkwzdpqb.dll
[2012/07/09 23:06:54 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 17:14:40 | 000,172,776 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/06/12 17:14:40 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/03/03 00:06:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/13 17:41:52 | 000,870,128 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\mcs.rma
[2012/02/13 17:41:52 | 000,000,004 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\F6BFEF
[2011/12/24 06:16:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/22 00:53:36 | 000,006,144 | ---- | C] () -- C:\Users\bigred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 21:25:15 | 000,000,218 | ---- | C] () -- C:\Users\bigred\.recently-used.xbel
[2011/03/22 17:52:53 | 000,001,854 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\GhostObjGAFix.xml
[2011/02/26 00:48:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 14:44:34 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/02/08 02:29:55 | 001,189,163 | ---- | C] () -- C:\Users\bigred\fileurns.cache
[2011/02/08 02:29:25 | 000,665,887 | ---- | C] () -- C:\Users\bigred\createtimes.cache
[2011/02/08 02:29:24 | 001,048,693 | ---- | C] () -- C:\Users\bigred\library5.dat
[2011/02/08 02:29:24 | 000,002,826 | ---- | C] () -- C:\Users\bigred\limewire.props
[2011/02/08 02:29:24 | 000,000,312 | ---- | C] () -- C:\Users\bigred\mojito.props
[2011/02/02 11:24:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/29 12:22:08 | 000,205,380 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/01/29 12:22:08 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/01/26 20:42:44 | 000,776,806 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2011/05/10 20:28:04 | 000,000,212 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3343391003-4272309500-464388543-1000\$R55Q2NO\l.gif
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/21 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\.minecraft
[2011/05/07 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Aventail
[2012/09/26 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\AVG2013
[2012/12/09 03:30:16 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Azureus
[2012/11/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Babylon
[2012/07/02 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Barnes & Noble
[2012/12/01 21:08:23 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BeadTool
[2011/05/10 23:54:03 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Cache
[2012/06/03 11:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DriverCure
[2012/03/30 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\EuroTalk
[2011/02/15 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\FrostWire
[2012/11/20 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GlarySoft
[2011/06/27 07:18:02 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\go
[2011/06/07 21:25:47 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\inkscape
[2011/03/26 01:01:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\InterTrust
[2011/04/28 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\MusicNet
[2011/04/28 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\OpenCandy
[2011/05/08 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\OpenOffice.org
[2012/03/14 18:39:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SoftGrid Client
[2012/06/03 11:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SpeedyPC Software
[2012/12/10 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Spotify
[2011/02/09 17:12:32 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/15 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TP
[2012/09/26 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TuneUp Software
[2011/01/31 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Uniblue
[2011/01/24 15:29:23 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\WildTangent
[2011/03/21 19:41:22 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
bigredyeeha

    Member

  • Topic Starter
  • Member
  • 35 posts
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (5.0.1)
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


# AdwCleaner v2.100 - Logfile created 12/11/2012 at 15:55:10
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bigred - BIGRED-HP
# Boot Mode : Normal
# Running from : C:\Users\bigred\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : Web Assistant Updater
Stopped & Deleted : WebOptimizer

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
File Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Conduit.xml
File Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\bigred\AppData\Local\APN
Folder Deleted : C:\Users\bigred\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\bigred\AppData\Local\Conduit
Folder Deleted : C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\bigred\AppData\Local\OpenCandy
Folder Deleted : C:\Users\bigred\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\bigred\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bigred\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\bigred\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\bigred\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\bigred\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\bigred\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\bigred\AppData\Roaming\Babylon
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\ConduitCommon
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\CT2504091
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\CT3059010
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\CT3198785
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\mediabarim
Folder Deleted : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\Smartbar
Folder Deleted : C:\Users\bigred\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{247998EF-ECF3-4A1A-8555-51CF81F6B65B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110803&tt=4712_3&babsrc=HP_ss&mntrId=2e109f21000000000000c0cb3865fdbb --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com

-\\ Mozilla Firefox v5.0.1 (en-US)

Profile name : default
File : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\prefs.js

C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\user.js ... Deleted !

Deleted : user_pref("CT3059010.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3059010.HPInstall", true);
Deleted : user_pref("CT3059010.HasUserGlobalKeys", true);
Deleted : user_pref("CT3059010.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3059010.HomepageBeforeUnload", "hxxp://search.imesh.com");
Deleted : user_pref("CT3059010.Initialize", true);
Deleted : user_pref("CT3059010.InitializeCommonPrefs", true);
Deleted : user_pref("CT3059010.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3059010.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT3059010.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3059010.InstalledDate", "Wed Jan 11 2012 16:11:35 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT3059010.InvalidateCache", false);
Deleted : user_pref("CT3059010.IsAlertDBUpdated", true);
Deleted : user_pref("CT3059010.IsGrouping", false);
Deleted : user_pref("CT3059010.IsInitSetupIni", true);
Deleted : user_pref("CT3059010.IsMulticommunity", false);
Deleted : user_pref("CT3059010.IsOpenThankYouPage", false);
Deleted : user_pref("CT3059010.IsOpenUninstallPage", true);
Deleted : user_pref("CT3059010.IsProtectorsInit", true);
Deleted : user_pref("CT3059010.LanguagePackLastCheckTime", "Thu Oct 11 2012 12:01:52 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT3059010.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3059010.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3059010.LastLogin_3.10.0.1", "Fri Mar 16 2012 05:33:26 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.LastLogin_3.14.1.0", "Fri Sep 07 2012 10:30:54 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.LastLogin_3.15.1.0", "Fri Oct 12 2012 09:54:34 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.LastLogin_3.8.1.0", "Tue Mar 06 2012 05:46:46 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT3059010.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3059010.Locale", "en");
Deleted : user_pref("CT3059010.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3059010.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT3059010.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3059010.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3059010.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT3059010.RadioIsPodcast", false);
Deleted : user_pref("CT3059010.RadioLastCheckTime", "Fri Mar 16 2012 05:33:26 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3059010.RadioLastUpdateServer", "129557451676770000");
Deleted : user_pref("CT3059010.RadioMediaID", "21922135");
Deleted : user_pref("CT3059010.RadioMediaType", "Media Player");
Deleted : user_pref("CT3059010.RadioMenuSelectedID", "EBRadioMenu_CT305901021922135");
Deleted : user_pref("CT3059010.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3059010.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT3059010.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT3059010.SavedHomepage", "hxxp://search.imesh.com");
Deleted : user_pref("CT3059010.SearchCaption", "Vgrabber Customized Web Search");
Deleted : user_pref("CT3059010.SearchEngineBeforeUnload", "Vgrabber Customized Web Search");
Deleted : user_pref("CT3059010.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3059010.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT305[...]
Deleted : user_pref("CT3059010.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3059010.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3059010.SearchInNewTabLastCheckTime", "Thu Oct 11 2012 12:01:50 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT3059010.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3059010.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3059010.SearchProtectorEnabled", true);
Deleted : user_pref("CT3059010.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3059010.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3059010.ServiceMapLastCheckTime", "Thu Oct 11 2012 12:01:49 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT3059010.SettingsLastCheckTime", "Fri Oct 12 2012 09:54:30 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT3059010.SettingsLastUpdate", "1349970965");
Deleted : user_pref("CT3059010.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3059010&SearchSource=13");
Deleted : user_pref("CT3059010.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3059010.ThirdPartyComponentsLastCheck", "Tue Mar 06 2012 05:46:45 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT3059010.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3059010.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3059010.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3059010");
Deleted : user_pref("CT3059010.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3059010.UserID", "UN91974009507248262");
Deleted : user_pref("CT3059010.WeatherNetwork", "");
Deleted : user_pref("CT3059010.WeatherPollDate", "Fri Mar 16 2012 05:33:28 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3059010.WeatherUnit", "F");
Deleted : user_pref("CT3059010.alertChannelId", "1450550");
Deleted : user_pref("CT3059010.backendstorage.cbfirsttime", "576564204A616E20313120323031322031363A31313A35352[...]
Deleted : user_pref("CT3059010.backendstorage.shoppingapp.gk.exipres", "53756E2053657020303920323031322030333A[...]
Deleted : user_pref("CT3059010.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT3059010.backendstorage.url_history0001", "687474703A2F2F766964656F2E786E78782E636F6D2F6[...]
Deleted : user_pref("CT3059010.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3059010.globalFirstTimeInfoLastCheckTime", "Fri Mar 16 2012 05:33:25 GMT-0700 (Pacific [...]
Deleted : user_pref("CT3059010.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3059010.initDone", true);
Deleted : user_pref("CT3059010.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3059010.isFirstRadioInstallation", false);
Deleted : user_pref("CT3059010.myStuffEnabled", true);
Deleted : user_pref("CT3059010.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3059010.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3059010.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3059010.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3059010.oldAppsList", "10000001,10000002,111,129559884184450601,129559884345153249,1295[...]
Deleted : user_pref("CT3059010.revertSettingsEnabled", false);
Deleted : user_pref("CT3059010.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3059010.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3059010.testingCtid", "");
Deleted : user_pref("CT3059010.toolbarAppMetaDataLastCheckTime", "Thu Oct 11 2012 12:01:52 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3059010.toolbarContextMenuLastCheckTime", "Tue Mar 06 2012 05:46:46 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3059010.usagesFlag", 2);
Deleted : user_pref("CT3198785.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3198785.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3198785.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3198785.FirstTime", "true");
Deleted : user_pref("CT3198785.FirstTimeFF3", "true");
Deleted : user_pref("CT3198785.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Deleted : user_pref("CT3198785.UserID", "UN19408379263253141");
Deleted : user_pref("CT3198785.UserId", "9f948b94-4b64-6b55-14d4-fbd8c64b1826");
Deleted : user_pref("CT3198785.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3198785.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3198785.cbcountry_001", "US");
Deleted : user_pref("CT3198785.cbfirsttime", "Fri Aug 17 2012 10:53:49 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3198785.defaultSearch", "true");
Deleted : user_pref("CT3198785.embeddedsData", "[{\"appId\":\"129761883813986480\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3198785.enableAlerts", "always");
Deleted : user_pref("CT3198785.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3198785.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3198785.fixPageNotFoundError", "true");
Deleted : user_pref("CT3198785.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3198785.fixUrls", true);
Deleted : user_pref("CT3198785.hxxp___api15_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___api20_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___api28_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___api30_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___api31_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___api32_starwebnet_com.pid2", "fcbfbd90c656adf8");
Deleted : user_pref("CT3198785.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache", "[\"c822c1b63853ed273b89[...]
Deleted : user_pref("CT3198785.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui", "{\"gui\":[{\"type\[...]
Deleted : user_pref("CT3198785.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings", "{\"initUrl\":\"hxxp:[...]
Deleted : user_pref("CT3198785.hxxp___toolbar_jollywallet_com_tlb_2.lastAccess", "2012-9-12");
Deleted : user_pref("CT3198785.installId", "155");
Deleted : user_pref("CT3198785.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3198785.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.isNewTabEnabled", true);
Deleted : user_pref("CT3198785.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3198785.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3198785.keyword", true);
Deleted : user_pref("CT3198785.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3198785.openThankYouPage", "false");
Deleted : user_pref("CT3198785.openUninstallPage", "true");
Deleted : user_pref("CT3198785.search.searchAppId", "129761883813986480");
Deleted : user_pref("CT3198785.search.searchCount", "0");
Deleted : user_pref("CT3198785.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3198785.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3198785.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3198785.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3198785.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3198785.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349982354635");
Deleted : user_pref("CT3198785.serviceLayer_services_appTracking_lastUpdate", "1346755371083");
Deleted : user_pref("CT3198785.serviceLayer_services_appsMetadata_lastUpdate", "1349982232907");
Deleted : user_pref("CT3198785.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349982354538");
Deleted : user_pref("CT3198785.serviceLayer_services_login_10.10.20.14_lastUpdate", "1347043686703");
Deleted : user_pref("CT3198785.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350060998567");
Deleted : user_pref("CT3198785.serviceLayer_services_optimizer_lastUpdate", "1346755349081");
Deleted : user_pref("CT3198785.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349982355125");
Deleted : user_pref("CT3198785.serviceLayer_services_searchAPI_lastUpdate", "1349982234435");
Deleted : user_pref("CT3198785.serviceLayer_services_serviceMap_lastUpdate", "1349982232804");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349982354262");
Deleted : user_pref("CT3198785.serviceLayer_services_toolbarSettings_lastUpdate", "1350060998908");
Deleted : user_pref("CT3198785.serviceLayer_services_translation_lastUpdate", "1349982233062");
Deleted : user_pref("CT3198785.settingsINI", true);
Deleted : user_pref("CT3198785.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3198785.smartbar.CTID", "CT3198785");
Deleted : user_pref("CT3198785.smartbar.Uninstall", "0");
Deleted : user_pref("CT3198785.smartbar.homepage", true);
Deleted : user_pref("CT3198785.smartbar.toolbarName", "WhiteSmoke US ");
Deleted : user_pref("CT3198785.toolbarBornServerTime", "17-8-2012");
Deleted : user_pref("CT3198785.toolbarCurrentServerTime", "12-10-2012");
Deleted : user_pref("CT3198785.url_history0001", "hxxps://www.google.com:::clickhandler:::1347039103399,,,hxxp[...]
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2504091&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Web Search,Vgrabber Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3059010/CT3059010[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1450550/1446205/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3059010", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3059010",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"abd[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\bigred\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,CT3059010");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,CT3059010");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091,CT3059010");
Deleted : user_pref("CommunityToolbar.globalUserId", "7ce64001-bbd2-4302-992e-5a0d762f50fe");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3059010");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 16 2012 05:33:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Mar 16 2012 05:33:24 GMT-070[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Mar 16 2012 05:33:20 GMT-0700 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "53d617a2-21d5-478c-9b13-a4ddf946e826");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.imesh.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search Results");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=2[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3198785");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.34");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110803&tt=4712_3&babsrc=HP_s[...]
Deleted : user_pref("extensions.4f85d7b5ec123.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.enabledAddons", "{5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.3.0,{82AF8DCA-6DE9-4[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10658");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "1CC65EAD951953660F3D2B790C65B2A7");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "2e109f21000000000000c0cb3865fdbb");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15548");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:17:00");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Ae1FoEN&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8Ae1FoEN");
Deleted : user_pref("extensions.incredibar.upn2n", "92824775449413705");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:17:00");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "2e109f21000000000000c0cb3865fdbb");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15548");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Ae1FoEN&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8Ae1FoEN");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824775449413705");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:17:00");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.wajam.affiliate_id", "3004");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.trace_log", "1344287727972 - onFlagInfoReceived - Server mapping version[...]
Deleted : user_pref("extensions.wajam.unique_id", "11BA3225CE90C4F13C14CB096372C9DC");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.25");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110803&tt=4712_3&babsrc=KW_ss&mntrId=2e10[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.conduit.c[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.condu[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110803&tt=4712_3&babsrc=NT_ss&mntr[...]

-\\ Google Chrome v23.0.1271.95

File : C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [60923 octets] - [11/12/2012 15:55:10]

########## EOF - C:\AdwCleaner[S1].txt - [60984 octets] ##########


RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bigred [Admin rights]
Mode : Remove -- Date : 12/11/2012 16:35:17

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] spotify.exe -- C:\Users\bigred\AppData\Roaming\Spotify\spotify.exe -> KILLED [TermThr]
[SUSP PATH] FacebookMessenger.exe -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\bigred\AppData\Local\Apps\2.0\2D2EADYV.2JY\HL5GRLMB.VML\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> DELETED
[STARTUP][SUSP PATH] Facebook Messenger.lnk @bigred : C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360} : NameServer (216.146.35.240,216.146.36.240,68.105.28.12,68.105.29.12,68.105.28.11) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360} : NameServer (216.146.35.240,216.146.36.240,68.105.28.12,68.105.29.12,68.105.28.11) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] 9ef5a024b5c451a93d3f8e8db7589fb3
[BSP] aa34cc5f56282d12308180b2c9dae5ac : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459214 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940879872 | Size: 17422 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12112012_02d1635.txt >>
RKreport[1]_S_12112012_02d1634.txt ; RKreport[2]_D_12112012_02d1635.txt

#4
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
  • 0

#6
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#7
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





