Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Rootkit


  • Please log in to reply

#1
Earthless94

Earthless94

    Member

  • Member
  • PipPip
  • 21 posts
So yesterday avast randomly popped up with a warning saying it had found a possible root kit and wanted to run a boot-time scan to get rid of it, but after it finished with that it said it didn't find anything. My computers been running ridiculously slow after all of this and was wondering if you guys could possibly help me by making sure I really don't have one and if I do help me get rid of it.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Earthless94,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#3
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by test (administrator) on 06-06-2013 14:38:07
Running from C:\Users\test\Pictures
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Starfield Technologies, Inc.) C:\Program Files\Workspace\offSyncService.exe
(New Softwares.net) C:\Windows\system32\WinFLService.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
( ) C:\Windows\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Wajam) C:\Program Files\Wajam\Updater\WajamUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Iminent) C:\Program Files\Iminent\Iminent.Messengers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\SelectRebates\SelectRebates.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\test\AppData\Local\Akamai\netsession_win.exe
( New Softwares.net) C:\Windows\System32\WinFLTray.exe
(Skillbrains) C:\Users\test\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
(New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
( New Softwares.net) C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
(Akamai Technologies, Inc.) C:\Users\test\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Last.fm) C:\Program Files\Last.fm\Last.fm Scrobbler.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(LOL Replay) C:\Program Files\LOLReplay\LOLRecorder.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\update\realsched.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [273528 2011-08-19] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1073744 2012-04-27] (Iminent)
HKLM\...\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe /startup [884816 2012-04-27] (Iminent)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [SMessaging] C:\Users\test\AppData\Local\Strongvault Online Backup\SMessaging.exe [x]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1298240 2013-05-15] (Spigot, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\test\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-03] (Google Inc.)
HKCU\...\Run: [Facebook Update] "C:\Users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-27] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\test\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-01] ()
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [LightShot] C:\Users\test\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [226152 2013-02-21] ()
HKCU\...\Run: [WinFLTray] C:\Windows\system32\WinFLTray.exe [321736 2013-05-31] ( New Softwares.net)
HKCU\...\Run: [FLBackup] C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-05-31] (New Softwares.net)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -update plugin [699400 2013-01-21] (Adobe Systems Incorporated)
MountPoints2: L - L:\PcOptions.exe
MountPoints2: {0f041702-292b-11e1-a0e2-002197322d2e} - E:\PcOptions.exe
MountPoints2: {85dce68e-cb21-11dd-94b3-806e6f6e6963} - D:\autorun.exe
MountPoints2: {c02cd630-059f-11e1-a75d-002197322d2e} - L:\PcOptions.exe
HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-02-25] (Google Inc.)
HKU\Admin\...\Run: [0c838dfbdedb073d6dc42793823cf79a] C:\Users\Admin\DOWNLO~1\ZUMASR~2.EXE /r [ 2010-07-27] (RealNetworks, Inc.)
HKU\Admin\...\Run: [cdloader] "C:\Users\Admin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [ 2011-05-16] (magicJack L.P.)
HKU\Admin\...\Run: [Starfield Updater] "C:\Users\Admin\AppData\Local\Workspace\workspaceupdate.exe" [x]
HKU\Admin\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [x]
HKU\Admin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Admin\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2013-01-01] ()
HKU\Admin\...\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [ 2011-07-25] (Sony Ericsson)
HKU\Tess\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Tess\...\Run: [cdloader] "C:\Users\Tess\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [ 2010-12-03] (magicJack L.P.)
HKU\Tess\...\Run: [Google Update] "C:\Users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2011-06-18] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3244149
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
URLSearchHook: (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
URLSearchHook: FCToolbarURLSearchHook Class - {7d139a74-4e4b-d0d4-6dc7-30168d640ee9} - C:\Program Files\Bucksbee Loyalty Plugin - Guppy Media\Helper.dll ()
URLSearchHook: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\test\AppData\LocalLow\CT2269050\ldrtbDVDV.dll ()
SearchScopes: HKLM - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminen...q={searchTerms}
HKCU SearchScopes: DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...6PQGSuN1uE&i=26
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekko.com/?s...q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminen...q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80465&lng=en
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incre...6PQGSuN1uE&i=26
SearchScopes: HKCU - {E40335A5-029C-48AA-A002-59F9225BB65E} URL = http://search.yahoo....p={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: Coupon Companion - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll (215 Apps)
BHO: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
BHO: Deals Plugin Extension - {11111111-1111-1111-1111-110211181106} - C:\Program Files\Deals Plugin Extension\Deals Plugin Extension.dll (215 Apps)
BHO: PriceGongBHO Class - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll No File
BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
BHO: Bucksbee Loyalty Plugin - Guppy Media - {652B399A-4CE6-ADF4-C9A0-DAE7374EE2FE} - C:\Program Files\Bucksbee Loyalty Plugin - Guppy Media\BucksBee Loyalty Plugin.dll (Freecause Inc.)
BHO: iPhone OS 3 Toolbar - {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll (Conduit Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\test\AppData\LocalLow\CT2269050\ldrtbDVDV.dll ()
BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (Brand Affinity Technologies)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
BHO: ShopAtHomeIEHelper Class - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - iPhone OS 3 Toolbar - {74714d77-1695-4e73-a98e-25cb374f46b4} - C:\Program Files\iPhone_OS_3\tbiPho.dll (Conduit Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" No File
Toolbar: HKLM - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM - ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
Toolbar: HKLM - WhiteSmoke US New Toolbar - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\test\AppData\LocalLow\CT2269050\ldrtbDVDV.dll ()
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU -iPhone OS 3 Toolbar - {74714D77-1695-4E73-A98E-25CB374F46B4} - C:\Program Files\iPhone_OS_3\tbiPho.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU -uTorrentBar Toolbar - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU -WhiteSmoke US New Toolbar - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files\WhiteSmoke_US_New\prxtbWhit.dll (Conduit Ltd.)
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Users\test\AppData\LocalLow\CT2269050\ldrtbDVDV.dll ()
PDF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default
FF Homepage: hxxp://search.iminent.com/?appId=936bb1a8-0327-4659-861d-c3da539d37f8&lcid=1033&ref=homepage
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.666 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.666 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: softonic.com - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: SelectionLinks - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: Yontoo - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: ShopAtHome.com Intelligent Shopping Toolbar - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: DVDVideoSoftTB - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: uTorrentBar Community Toolbar - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF Extension: IMinent Toolbar - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: wtxpcom - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: ytd - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{eb89481f-b768-7634-b5cf-43541d908c44}.xpi

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
CHR RestoreOnStartup: "hxxp://mysearch.avg.com/?cid={25D2A92D-18B8-4879-A09B-86286FCB24A3}&mid=6a701d80af2047d3aa42d168d1d6c4dd-4dec49aa81c4777199b547a92e83b151ddf97d92&lang=en&ds=sf011&pr=sa&d=2013-02-17 08:52:38&v=14.2.0.1&pid=safeguard&sg=1&sap=hp"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\test\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Deals Plugin Extension) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf\1.23.51_0
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! WebRep) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Coupon Companion Plugin) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.23.52_0
CHR Extension: (Wajam) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (Deals Plugin) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme\1.23.87_0
CHR Extension: (SelectionLinks) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjkgfgkopgmemahphckephbbeaamgma\4.2_0
CHR Extension: (AVG SafeGuard toolbar) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [806776 2013-05-15] (Spigot, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
S3 CVCompressionService; C:\Program Files\CVision\Services\CVCompressionService.exe [184320 2008-03-08] (CVISION Technologies)
R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1215216 2011-02-02] (Starfield Technologies, Inc.)
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [16896 2013-01-23] (Brand Affinity Technologies)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
R3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-22] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [229376 2011-04-08] (Puran Software)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
R2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-03-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-06] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-30] (Avanquest Software)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35560 2012-08-01] (AnchorFree Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 NEWDRIVER; C:\Windows\system32\WinVDEdrv6.sys [188176 2013-05-31] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [62464 2007-09-27] (silex technology, Inc.)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-05-31] ()
R2 WinVDEDrv; C:\Windows\system32\WinVDEdrv.sys [228112 2013-05-31] (NewSoftwares.net, Inc.)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [x]
S3 XDva392; \??\C:\Windows\system32\XDva392.sys [x]
S3 XDva393; \??\C:\Windows\system32\XDva393.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 14:37 - 2013-06-06 14:37 - 00000000 ____D C:\FRST
2013-06-04 14:39 - 2013-06-04 14:39 - 00001741 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2013-06-03 00:51 - 2013-06-04 01:02 - 00001213 __ASH C:\Users\test\AppData\Local\win_fldb_sys.dat
2013-06-03 00:51 - 2013-06-04 01:02 - 00000693 __ASH C:\Windows\System32\win_fldb_sys.dat
2013-06-03 00:50 - 2013-06-04 00:23 - 00000700 __ASH C:\Users\test\AppData\Local\systemFL7.dat
2013-06-01 21:29 - 2013-06-01 21:30 - 00000000 ____D C:\Program Files\Application Updater
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\YTD Toolbar
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-05-31 22:57 - 2013-05-31 22:57 - 00002301 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2013-05-31 22:57 - 2013-05-31 22:57 - 00000000 __SHD C:\Program Files\%APPDATA%
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\Documents\My Spore Creations
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\AppData\Roaming\SPORE Creature Creator
2013-05-31 19:39 - 2013-05-31 19:39 - 00002568 __ASH C:\ProgramData\win_mpwd_sys.dat
2013-05-31 19:34 - 2013-06-04 00:23 - 00003465 __ASH C:\Windows\System32\win_stlthdb_sys.dat
2013-05-31 19:34 - 2013-06-04 00:23 - 00003465 __ASH C:\Users\test\AppData\Local\win_stlthdb_sys.dat
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTrayShred.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTray.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00228112 ____A (NewSoftwares.net, Inc.) C:\Windows\System32\WinVDEdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00188176 ____A C:\Windows\System32\WinVDEdrv6.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00092360 ____A (New Softwares.net) C:\Windows\System32\WinFLService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00040960 ____A C:\Windows\System32\nwsftUninstall.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00029184 ____A C:\Windows\System32\WinFLAdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00014024 ____A C:\Windows\System32\WinFLMsgService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00000995 ____A C:\Users\Public\Desktop\Folder Lock.lnk
2013-05-31 19:34 - 2013-05-31 19:34 - 00000000 ____D C:\Program Files\NewSoftware's
2013-05-26 17:13 - 2013-06-03 18:21 - 00000000 ____D C:\Minetest
2013-05-26 15:42 - 2013-05-26 15:49 - 00000000 ____D C:\Manic Digger
2013-05-26 14:05 - 2013-05-26 14:05 - 00000000 ____D C:\Users\test\wurm
2013-05-26 14:04 - 2013-05-26 14:04 - 00002061 ____A C:\Users\test\Desktop\Wurm Online.lnk
2013-05-26 13:39 - 2013-05-26 14:05 - 00000000 ____D C:\BrickForce
2013-05-21 16:58 - 2013-05-21 16:58 - 00011357 ____A C:\Users\test\Documents\blank.jpeg
2013-05-21 03:02 - 2013-05-21 03:02 - 00000000 ____D C:\Windows\System32\cache
2013-05-18 21:18 - 2013-05-18 21:18 - 00006002 ____A C:\Users\test\Desktop\Router_Setup.html
2013-05-18 21:18 - 2010-06-30 01:27 - 00000172 ___RA C:\Users\test\Desktop\Router Login.url
2013-05-18 19:46 - 2010-06-30 01:27 - 00049904 ___RA (Avanquest Software) C:\Windows\System32\Drivers\BVRPMPR5.SYS
2013-05-18 19:44 - 2013-05-18 21:46 - 00000000 ____D C:\Netgear
2013-05-16 03:11 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:11 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:02 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:02 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:02 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:02 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:02 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:02 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:02 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:02 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:02 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:02 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:02 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:02 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:02 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:02 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:31 - 2013-04-15 07:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 14:31 - 2013-04-13 03:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 14:31 - 2013-04-08 18:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 17:48 - 2013-05-13 17:48 - 00000914 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____A C:\Users\test\Desktop\New WinZip Zipx File.zipx
2013-05-09 14:10 - 2013-05-09 14:10 - 00000000 ____D C:\Users\test\AppData\Local\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-05-09 14:05 - 2013-05-09 14:05 - 00000000 ____D C:\Users\test\AppData\Roaming\SplitMediaLabs

==================== One Month Modified Files and Folders ========

2013-06-06 14:38 - 2011-10-27 13:28 - 00000000 ____D C:\Users\test\AppData\Local\Last.fm
2013-06-06 14:37 - 2013-06-06 14:37 - 00000000 ____D C:\FRST
2013-06-06 14:34 - 2011-06-18 23:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007UA.job
2013-06-06 14:31 - 2012-07-16 04:47 - 00000000 ____D C:\Users\test\AppData\Roaming\Skype
2013-06-06 14:31 - 2011-10-26 22:51 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-06-06 14:31 - 2011-07-28 17:37 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-06 14:30 - 2006-11-02 05:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-06 14:30 - 2006-11-02 05:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-06 14:05 - 2011-11-03 16:48 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
2013-06-06 13:51 - 2012-06-02 13:25 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
2013-06-06 13:47 - 2010-02-02 08:59 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-06 13:41 - 2010-02-25 13:39 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000UA.job
2013-06-06 13:02 - 2008-01-20 18:35 - 01772087 ____A C:\Windows\WindowsUpdate.log
2013-06-06 12:06 - 2012-11-21 22:58 - 00000000 ____D C:\Users\test\AppData\Local\Akamai
2013-06-06 11:51 - 2013-04-01 21:50 - 00000374 ____A C:\Windows\Tasks\update-sys.job
2013-06-06 11:10 - 2013-04-01 21:50 - 00000374 ____A C:\Windows\Tasks\update-S-1-5-21-4173232996-1987906121-3502484201-1013.job
2013-06-06 03:08 - 2010-02-02 08:59 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-06 01:05 - 2011-11-03 16:48 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
2013-06-06 00:59 - 2009-04-24 10:02 - 00000328 ____A C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2013-06-05 18:59 - 2010-10-01 15:41 - 00000254 ____A C:\Windows\Tasks\RMSchedule.job
2013-06-05 18:42 - 2010-02-25 13:39 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000Core.job
2013-06-05 17:59 - 2009-10-19 14:05 - 00000442 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-06-05 17:34 - 2011-06-18 23:00 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007Core.job
2013-06-05 16:51 - 2012-06-02 13:25 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
2013-06-04 18:10 - 2011-11-03 16:49 - 00002075 ____A C:\Users\test\Desktop\Google Chrome.lnk
2013-06-04 14:39 - 2013-06-04 14:39 - 00001741 ____A C:\Users\Public\Desktop\LOL Recorder.lnk
2013-06-04 14:39 - 2013-03-31 14:54 - 00000000 ____D C:\Program Files\LOLReplay
2013-06-04 07:29 - 2011-11-07 16:34 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps
2013-06-04 03:15 - 2010-09-30 15:17 - 00182061 ____A C:\Windows\offSyncService.log
2013-06-04 03:14 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 02:09 - 2006-11-02 06:01 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-04 01:02 - 2013-06-03 00:51 - 00001213 __ASH C:\Users\test\AppData\Local\win_fldb_sys.dat
2013-06-04 01:02 - 2013-06-03 00:51 - 00000693 __ASH C:\Windows\System32\win_fldb_sys.dat
2013-06-04 00:23 - 2013-06-03 00:50 - 00000700 __ASH C:\Users\test\AppData\Local\systemFL7.dat
2013-06-04 00:23 - 2013-05-31 19:34 - 00003465 __ASH C:\Windows\System32\win_stlthdb_sys.dat
2013-06-04 00:23 - 2013-05-31 19:34 - 00003465 __ASH C:\Users\test\AppData\Local\win_stlthdb_sys.dat
2013-06-03 19:43 - 2012-08-16 21:53 - 00000000 ____A C:\END
2013-06-03 18:21 - 2013-05-26 17:13 - 00000000 ____D C:\Minetest
2013-06-03 12:36 - 2011-12-15 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\vlc
2013-06-01 21:30 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\Application Updater
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\YTD Toolbar
2013-06-01 21:29 - 2013-06-01 21:29 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-06-01 16:06 - 2011-12-15 19:21 - 00000000 ____D C:\Program Files\uTorrentBar
2013-06-01 07:28 - 2011-10-26 22:48 - 00000000 ____D C:\Program Files\Puran Defrag
2013-06-01 04:47 - 2008-01-20 19:47 - 00703740 ____A C:\Windows\PFRO.log
2013-05-31 22:57 - 2013-05-31 22:57 - 00002301 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2013-05-31 22:57 - 2013-05-31 22:57 - 00000000 __SHD C:\Program Files\%APPDATA%
2013-05-31 22:57 - 2012-12-14 19:25 - 00000000 ____D C:\Users\test\AppData\Roaming\WildTangent
2013-05-31 22:57 - 2011-10-10 13:54 - 00000000 ____D C:\ProgramData\WildTangent
2013-05-31 22:57 - 2011-10-10 13:54 - 00000000 ____D C:\Program Files\WildTangent Games
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\Documents\My Spore Creations
2013-05-31 21:38 - 2013-05-31 21:38 - 00000000 ____D C:\Users\test\AppData\Roaming\SPORE Creature Creator
2013-05-31 19:39 - 2013-05-31 19:39 - 00002568 __ASH C:\ProgramData\win_mpwd_sys.dat
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTrayShred.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00321736 ____A ( New Softwares.net) C:\Windows\System32\WinFLTray.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00228112 ____A (NewSoftwares.net, Inc.) C:\Windows\System32\WinVDEdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00188176 ____A C:\Windows\System32\WinVDEdrv6.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00092360 ____A (New Softwares.net) C:\Windows\System32\WinFLService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00040960 ____A C:\Windows\System32\nwsftUninstall.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00029184 ____A C:\Windows\System32\WinFLAdrv.sys
2013-05-31 19:34 - 2013-05-31 19:34 - 00014024 ____A C:\Windows\System32\WinFLMsgService.exe
2013-05-31 19:34 - 2013-05-31 19:34 - 00000995 ____A C:\Users\Public\Desktop\Folder Lock.lnk
2013-05-31 19:34 - 2013-05-31 19:34 - 00000000 ____D C:\Program Files\NewSoftware's
2013-05-30 10:53 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\MSAgent
2013-05-30 09:29 - 2012-01-22 13:25 - 00000961 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-30 09:29 - 2011-10-26 23:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-30 09:11 - 2010-01-26 08:17 - 00000000 ___RD C:\Program Files\Skype
2013-05-30 09:11 - 2010-01-26 08:17 - 00000000 ____D C:\ProgramData\Skype
2013-05-29 16:46 - 2011-12-15 19:19 - 00000000 ____D C:\Users\test\AppData\Roaming\uTorrent
2013-05-27 11:15 - 2013-04-01 21:50 - 00000438 ____A C:\Users\test\AppData\Local\UserProducts.xml
2013-05-26 16:12 - 2011-10-27 16:29 - 00094720 ____A C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-26 15:49 - 2013-05-26 15:42 - 00000000 ____D C:\Manic Digger
2013-05-26 14:05 - 2013-05-26 14:05 - 00000000 ____D C:\Users\test\wurm
2013-05-26 14:05 - 2013-05-26 13:39 - 00000000 ____D C:\BrickForce
2013-05-26 14:05 - 2011-10-26 22:12 - 00000000 ____D C:\users\test
2013-05-26 14:04 - 2013-05-26 14:04 - 00002061 ____A C:\Users\test\Desktop\Wurm Online.lnk
2013-05-25 10:22 - 2013-02-17 09:52 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-05-24 14:27 - 2012-08-07 14:49 - 00000000 ____D C:\Users\test\AppData\Local\Screencast-O-Matic
2013-05-21 16:58 - 2013-05-21 16:58 - 00011357 ____A C:\Users\test\Documents\blank.jpeg
2013-05-21 09:39 - 2006-11-02 03:33 - 00935306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-21 03:02 - 2013-05-21 03:02 - 00000000 ____D C:\Windows\System32\cache
2013-05-21 03:01 - 2013-02-17 09:52 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-18 21:46 - 2013-05-18 19:44 - 00000000 ____D C:\Netgear
2013-05-18 21:18 - 2013-05-18 21:18 - 00006002 ____A C:\Users\test\Desktop\Router_Setup.html
2013-05-16 03:43 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 03:33 - 2006-11-02 05:47 - 00380264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:13 - 2008-12-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-13 17:48 - 2013-05-13 17:48 - 00000914 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-09 14:57 - 2013-05-09 14:57 - 00000000 ____A C:\Users\test\Desktop\New WinZip Zipx File.zipx
2013-05-09 14:10 - 2013-05-09 14:10 - 00000000 ____D C:\Users\test\AppData\Local\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2013-05-09 14:08 - 2013-05-09 14:08 - 00000000 ____D C:\Program Files\SplitMediaLabs
2013-05-09 14:05 - 2013-05-09 14:05 - 00000000 ____D C:\Users\test\AppData\Roaming\SplitMediaLabs

Files to move or delete:
====================
C:\Users\Public\MyWebTattoo.exe
C:\Users\Public\RemoveSGP.exe
C:\ProgramData\win_mpwd_sys.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-04 15:26

==================== End Of Log ============================








Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by test at 2013-06-06 14:40:30 Run:
Running from C:\Users\test\Pictures
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.3)
20602 EasyCam Pro (Version: 1.0.0.0)
32 Bit HP CIO Components Installer (Version: 7.1.8)
8500A909_Help (Version: 1.00.0000)
8500A909a (Version: 50.0.165.000)
Acoustica Mixcraft 6 (Version: b191)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Age of Conan: Unchained
AIA Contract Documents Software 4.4 (Version: 4.4.103.0)
Aika Online: Epic III (Version: 20111209)
AikaOnline (Version: 1.0)
Akamai NetSession Interface
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1483.0)
AVG SafeGuard toolbar (Version: 15.2.0.5)
Bandisoft MPEG-1 Decoder
Belkin Network USB Hub Control Center (Version: 1.4.0)
Bing Bar (Version: 7.1.361.0)
blinkx beat (Version: 1.2.2)
Bonjour (Version: 3.0.0.10)
BPD_DSWizards (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Bucksbee Loyalty Plugin - Guppy Media
BufferChm (Version: 120.0.194.000)
Burger Shop 2™
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Cake Mania Main Street (Version: 2.2.0.95)
CamStudio Lossless Codec v1.5 (Version: 1.5)
Canon MF Toolbox 4.9.1.1.mf07 (Version: 3.0.0)
Canon MF3200 Series
Canon MF4320-4350
Cisco Connect (Version: 1.4.11266.0)
Coupon Companion (Version: 1.18.149.149)
Coupon Companion Plugin (Version: 1.24.151.151)
CUPSS (Version: 1.3.5.0)
CVista PdfCompressor 4.0 DeskTop Edition (Evaluation) (Version: 4.0)
CVista PdfCompressor 4.0 Professional Evaluation (Version: 4.0)
D3DX10 (Version: 15.4.2368.0902)
Data Doctor Recovery - SIM Card (Demo) (Version: 4.4.1.2)
Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5
Deals Plugin Extension (Version: 1.24.151.151)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
Driver Detective (Version: 8.0.0)
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 (Version: 01.17.01.8018)
DVDVideoSoftTB Toolbar (Version: 10.14.0.69)
Elsword version v3.0213.5.1 (Version: v3.0213.5.1)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Fantapper Player (Version: 2.0.3)
Fantapper Updater (Version: 2.0.2)
Fast Browser Search (Get Rated) (Version: 2.0)
Fax (Version: 120.0.194.000)
Folder Lock
Free YouTube to MP3 Converter version 3.12.1.320 (Version: 3.12.1.320)
FrostWire 5.3.9 (Version: 5.3.9.0)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
Happy Cloud Client (Version: 1.374)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
iLivid (Version: 4.0.0.2466)
Iminent (Version: 5.18.52.0)
IMinent Toolbar (Version: 3.26.0)
Inbox Toolbar (Version: 1.0.0)
InfoAtoms (Version: 1.0.12.0)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iPhone_OS_3 Toolbar (Version: )
IPIN Viewing System Lite Support Files (Version: 4.1)
IPIN Viewing System Professional (Version: 4.1)
iTunes (Version: 11.0.1.12)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Jing (Version: 2.8.13007.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Last.fm Scrobbler 2.1.35
League of Legends (Version: 1.3)
lightshot-4.3.0.0 (Version: 4.3.0.0)
LOLReplay (Version: 0.8.2.1)
LuraDocument PDF Compressor Desktop (Version: 4.2.0435)
LuraDocument PDF Compressor Desktop 4.2.0435 (Version: 4.2.0435)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Manic Digger
MarketResearch (Version: 120.0.226.000)
McAfee Security Scan Plus (Version: 3.0.207.4)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Accounting 2008 (Version: 3.0.8627.1)
Microsoft Office Accounting 2008 Equifax Addin (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 Fixed Asset Manager (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 PayPal Addin (Version: 3.0.8231.0)
Microsoft Office Accounting 2009 (Version: 4.0.3610.0)
Microsoft Office Accounting 2009 Equifax Addin (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 Fixed Asset Manager (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 PayPal Addin (Version: 4.0.1930.0)
Microsoft Office Accounting 2009 Tax Integration Add-in (Version: 4.0.1930.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Project Professional 2002 (Version: 10.0.8326.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319)
Minetest version 0.4.6 (Version: 0.4.6)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MPM (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NC Launcher (GameForge)
NEO Find (Version: 1.0.1.184)
Network (Version: 120.0.194.000)
Nexon Game Manager
novaPDF (novaPDF 7.1 printer)
novaPDF7 (novaPDF 7.1 printer)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
Officejet Pro 8500 A909 Series (Version: 12.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Online File Folder Edit Tool v12 (Version: 1.0.31)
Online File Folder Edit Tool v13 (Version: 1.0.32)
Online File Folder Edit Tool v14 (Version: 1.0.33)
On-Screen Takeoff (Version: 3.6.2.23)
Opera 12.15 (Version: 12.15.1748)
Outlook Setup Tool (Version: 2.0.14)
Pando Media Booster (Version: 2.6.0.8)
PAP 4.0
PAP project files
Pivot Stickfigure Animator version 2.2.7 (Version: 2.2.7)
Playalot Games (Version: 1.0.0)
PriceGong 2.1.0 (Version: 2.1.0)
ProductContext (Version: 50.0.165.000)
Puran Defrag Free Edition 7.3
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
RealUpgrade 1.1 (Version: 1.1.0)
Registry Mechanic 10.0 (Version: 10.0)
RehanFX Shader Transitions and Effects (ShaderTFX) (Version: 1.0.34)
Safari (Version: 5.34.52.7)
Scan (Version: 12.0.0.0)
Screen Recording Suite V3.0.1 (Version: 3.0.1)
Screencast-O-Matic
Segoe UI (Version: 15.4.2271.0615)
SelectionLinks (Version: 1.0)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Setup Support for Bucksbee 1.0 (Version: 1.0)
Shop for HP Supplies (Version: 12)
ShopAtHome.com Toolbar
Skype Toolbars (Version: 5.0.4112)
Skype™ 6.3 (Version: 6.3.107)
SmartWebPrinting (Version: 120.0.194.000)
SOE Web Installer (Version: 1.0.3.171)
Softonic toolbar on IE
SolutionCenter (Version: 130.0.373.000)
Sony Ericsson PC Companion 2.01.217 (Version: 2.01.217)
Sony Ericsson Update Engine (Version: 2.11.10.7)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SPORE™ Creature Creator Trial Edition (Version: 1.00.0000)
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Status (Version: 120.0.194.000)
Strongvault Online Backup (Version: 5.0.2.34)
TeamSpeak 3 Client (Version: 3.0.9.2)
TERA
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Unity Web Player (Version: )
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
uTorrentBar Toolbar (Version: 6.13.3.501)
VC8MSI (Version: 1.0.0)
Vectorian Giotto 3.0.0
VLC (Version: 1.0.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
W2 Mate (2009) 6.0.35
Wajam (Version: 1.50)
WebReg (Version: 120.0.194.000)
Wedding Salon (Version: 2.2.0.98)
WhiteSmoke US New Toolbar (Version: 6.9.0.16)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Version: 4.0.10.17)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
XSplit (Version: 1.2.1303.0101)
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02 (Version: 1.10.02)
YTD Toolbar v7.1 (Version: 7.1)
YTD Video Downloader 3.9.4
Zuma's Revenge Adventure (Version: 1.0.0)

==================== Restore Points =========================

04-06-2013 10:20:09 Windows Update
05-06-2013 08:00:14 Scheduled Checkpoint
05-06-2013 10:00:29 Windows Update
06-06-2013 10:00:11 Windows Update

==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 1000 more lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============

Name: Canon MF3200 Series
Description: Canon MF3200 Series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2013 02:26:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 02:26:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 02:01:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 02:01:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 02:00:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 02:00:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 01:59:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 01:59:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 00:31:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (06/06/2013 00:31:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.


System errors:
=============
Error: (06/06/2013 03:02:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (06/06/2013 01:32:36 AM) (Source: Service Control Manager) (User: )
Description: 30000stisvc

Error: (06/05/2013 03:03:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (06/04/2013 04:02:13 PM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (06/04/2013 03:22:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202

Error: (06/04/2013 02:22:10 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (06/03/2013 06:18:05 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/03/2013 06:18:02 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/03/2013 11:21:18 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (06/03/2013 10:29:29 AM) (Source: Service Control Manager) (User: )
Description: 30000IPBusEnum


Microsoft Office Sessions:
=========================
Error: (09/29/2011 11:34:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 823078 seconds with 14880 seconds of active time. This session ended with a crash.

Error: (06/01/2011 11:43:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 777425 seconds with 123840 seconds of active time. This session ended with a crash.

Error: (03/16/2011 03:18:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 728570 seconds with 10080 seconds of active time. This session ended with a crash.

Error: (12/15/2010 05:13:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/18/2010 03:21:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1263019 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/18/2010 03:21:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 923383 seconds with 120 seconds of active time. This session ended with a crash.

Error: (07/14/2010 03:19:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 59573 seconds with 600 seconds of active time. This session ended with a crash.

Error: (06/24/2010 03:17:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 68631 seconds with 300 seconds of active time. This session ended with a crash.

Error: (06/22/2010 07:31:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77545 seconds with 300 seconds of active time. This session ended with a crash.

Error: (04/29/2010 11:32:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-04-01 13:18:53.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:53.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:53.285
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:53.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:52.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:52.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:52.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:51.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:51.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-01 13:18:51.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3317.39 MB
Available physical RAM: 1747.84 MB
Total Pagefile: 6868.75 MB
Available Pagefile: 4470.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:578.14 GB) (Free:309.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WNDR3400) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=578 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=18 GB) - (Type=12)

==================== End Of Log ============================
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • 0

#5
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-06-2013
Ran by test at 2013-06-06 23:08:21 Run:1
Running from C:\Users\test\Desktop
Boot Mode: Normal

==============================================

[2812] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe => Process closed successfully.
[4900] C:\Program Files\SelectRebates\SelectRebates.exe => Process closed successfully.
[4920] C:\Program Files\AVG SafeGuard toolbar\vprot.exe => Process closed successfully.
[5008] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Value deleted successfully.
HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Value deleted successfully.
HKCR\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7d139a74-4e4b-d0d4-6dc7-30168d640ee9} => Value deleted successfully.
HKCR\CLSID\{7d139a74-4e4b-d0d4-6dc7-30168d640ee9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} => Value deleted successfully.
HKCR\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Value deleted successfully.
HKCR\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key deleted successfully.
HKCR\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key not found.
HKCR\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key deleted successfully.
HKCR\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E40335A5-029C-48AA-A002-59F9225BB65E} => Key deleted successfully.
HKCR\CLSID\{E40335A5-029C-48AA-A002-59F9225BB65E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011441193} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181106} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110211181106} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} => Key deleted successfully.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} => Key deleted successfully.
HKCR\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e} => Key deleted successfully.
HKCR\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f} => Key deleted successfully.
HKCR\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026} => Key deleted successfully.
HKCR\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652B399A-4CE6-ADF4-C9A0-DAE7374EE2FE} => Key deleted successfully.
HKCR\CLSID\{652B399A-4CE6-ADF4-C9A0-DAE7374EE2FE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74714d77-1695-4e73-a98e-25cb374f46b4} => Key deleted successfully.
HKCR\CLSID\{74714d77-1695-4e73-a98e-25cb374f46b4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key deleted successfully.
HKCR\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Key deleted successfully.
HKCR\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3} => Key deleted successfully.
HKCR\CLSID\{8A86D350-37AB-410A-8531-7D1363F317B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key deleted successfully.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key deleted successfully.
HKCR\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} => Key deleted successfully.
HKCR\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => Key deleted successfully.
HKCR\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key deleted successfully.
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key deleted successfully.
HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{74714d77-1695-4e73-a98e-25cb374f46b4} => Value deleted successfully.
HKCR\CLSID\{74714d77-1695-4e73-a98e-25cb374f46b4} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{26c9e18c-3717-4be1-a225-04e4471f5b6e} => Value deleted successfully.
HKCR\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => Value deleted successfully.
HKCR\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => Value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{462be121-2b54-4218-bf00-b9bf8135b23f} => Value deleted successfully.
HKCR\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} => Value deleted successfully.
HKCR\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Value deleted successfully.
HKCR\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Value deleted successfully.
HKCR\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{74714D77-1695-4E73-A98E-25CB374F46B4} => Value deleted successfully.
HKCR\CLSID\{74714D77-1695-4E73-A98E-25CB374F46B4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{462BE121-2B54-4218-BF00-B9BF8135B23F} => Value deleted successfully.
HKCR\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Value deleted successfully.
HKCR\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Key not found.
HKCR\PROTOCOLS\Handler\inbox => Key deleted successfully.
HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\Software\MozillaPlugins\@nexon.net/NxGame => Key deleted successfully.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => Key deleted successfully.
C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\Extensions\[email protected] => Moved successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files\VideoLAN\VLC\npvlc.dll => Moved successfully.
C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll not found.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => Moved successfully.
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll not found.
C:\Users\test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhgoadfgiandmaieopaphefbhcdpfaf => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjkgfgkopgmemahphckephbbeaamgma => Moved successfully.
C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
FTSvc => Service deleted successfully.
McComponentHostService => Service deleted successfully.
WajamUpdater => Service deleted successfully.
avgtp => Service deleted successfully.
C:\Users\Public\RemoveSGP.exe => Moved successfully.
C:\ProgramData\win_mpwd_sys.dat => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
The system needs a manual reboot.

I take it that you did reboot before posting.

Now

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    BASESERVICES
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C/
    md5start
    services.*
    wbemess.dill
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    winsock.*
    qmgr.dll
    /md5stop
    %USERPROFILE%\..|smtmp;true;true;true /FP
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
When you return please post
  • JRT.txt
  • OTL.txt
  • Extras.txt

  • 0

#7
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
actually no those were the notepad that popped up before rebooting.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Okay, please reboot your machine and then follow the instructions in my last post. :)
  • 0

#9
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by test on Fri 06/07/2013 at 9:18:27.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminent
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminentmessenger
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\selectrebates
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smessaging
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4173232996-1987906121-3502484201-1013\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\deals plugin extension
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bho.pshelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bho.pshelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricefactorie.pricegongbho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricefactorie.pricegongbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricegongie.pricegongctrl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\pricegongie.pricegongctrl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.softonichlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonic.softonichlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonicapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\softonicapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\srv.softonicsrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\srv.softonicsrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.FBApi
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.FBApi.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004493.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004637.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004637.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0004637.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021806.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021806.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021806.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021806.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.FCTB000100769Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.FCTB000100769Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100769.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB01620.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB01620.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB01620.TBSB01620
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.TBSB07183
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TBSB07183.TBSB07183.3
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB01620
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar3.TBSB01620.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.FBApi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.FBApi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004493.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004637.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004637.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0004637.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021806.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021806.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021806.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0021806.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.FCTB000100769Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.FCTB000100769Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100769.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB01620.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB01620.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB01620.TBSB01620
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB01620.TBSB01620.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB07183.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB07183.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB07183.TBSB07183
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\TBSB07183.TBSB07183.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar3.TBSB01620
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar3.TBSB01620.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2436531
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3244149
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022462237}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220222182206}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33333333-3333-3333-3333-330033443393}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] C:\Users\test\AppData\LocalLow\FCTB000100769
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\blekkotb"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\deals plugin"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\deals plugin extension"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\test\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Users\test\appdata\locallow\whitesmoke_us_new"
Successfully deleted: [Folder] "C:\Program Files\alot"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupon companion"
Successfully deleted: [Folder] "C:\Program Files\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files\deals plugin extension"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\iminent"
Successfully deleted: [Folder] "C:\Program Files\iminent toolbar"
Successfully deleted: [Folder] "C:\Program Files\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files\infoatoms"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\pricegong"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files\selectrebates"
Successfully deleted: [Folder] "C:\Program Files\softonic"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Program Files\whitesmoke_us_new"
Successfully deleted: [Folder] "C:\Program Files\yontoo"
Successfully deleted: [Folder] "C:\Program Files\yourfiledownloader"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\test\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\test\appdata\local\{A5EE47D2-D8D9-426A-A77C-3FCF1C7D28CA}
Successfully deleted: [Empty Folder] C:\Users\test\appdata\local\{F863D7B2-39BB-47B2-9C9D-C4F2B53F7B82}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\searchtheweb.xml"
Successfully deleted: [File] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\user.js
Successfully deleted: [File] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\searchplugins\searchtheweb.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\conduitcommon
Successfully deleted: [Folder] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\jetpack
Successfully deleted: [Folder] C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\smartbar
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}
Successfully deleted the following from C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\prefs.js

user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"46?F\",\"temperatureClear\":\"46?F\",\"highTemperature\":\"46?F\",\"lowTemperature\":\"34?F\
user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid", "84CFA246-C75E-4028-B6B2-162C023C3D26");
user_pref("CT2269050.installId", "conduitnsisintegration");
user_pref("CT2269050.installType", "conduitnsisintegration");
user_pref("CT2269050.isPerformedSmartBarTransition", "true");
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "0");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2786678.backendstorage.hxxp://cmg1_conduit-widgets_com/miniquarium.state", "434C4F5345");
user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CommunityToolbar.ConduitSearchList", "OurWorld.com Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2383985/CT2383985", "\"da9c77078d134c64100bd3fd5269cf692\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"f60b64f68e29ae442b635869e42a1fdd1\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1016018/1011733/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1018238/1013952/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1061742/1057446/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1172363/1168048/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1397277/1392935/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1402728/1398386/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1417646/1413302/US", "\"1-222427-79002000\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1459096/1454751/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/17738/17375/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/529103/524973/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/778761/774589/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/807559/803371/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/914671/910466/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/975969/971731/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2383985", "\"1274459610\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14f1\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"801a319dd78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2383985", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"7097bb27983d23fb65dfbd9398fad22c\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"073e33a707e0305bf15c11c5bbb33921\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\test\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\54sg925d.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/3d/f6/3da3ff3d-3fb4-4a03-be93-468e59eee9f6/Gadgets/6f84459b-aa48-4d42-a112-f694a40444c0.
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80465&language=en&qkw=");
user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 28 2012 19:38:48 GMT-0800 (Pacific Standard Time)");
user_pref("CommunityToolbar.globalUserId", "fbfe152d-be30-4063-aaf0-39ab6c2c1623");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 22:20:56 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 02 2012 18:43:18 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 02 2012 18:43:09 GMT-0700 (Pacific Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "b530d922-15c0-4bcf-a355-fec5aae90f35");
user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "Inbox Search");
user_pref("CommunityToolbar.permanenceEngine", false);
user_pref("browser.search.defaultenginename", "SearchTheWeb");
user_pref("browser.search.defaultthis.engineName", "OurWorld.com Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383985&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=936bb1a8-0327-4659-861d-c3da539d37f8&lcid=1033&ref=homepage");
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "US");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.dfltlng", "en");
user_pref("extensions.Softonic.dfltsrch", "false");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.gingeruserid", "34ba84a2-aebe-46e5-a80c-2fc3945df32c");
user_pref("extensions.Softonic.hdrMd5", "AF888C49786ED11F00D4A980071CFE33");
user_pref("extensions.Softonic.hmpg", false);
user_pref("extensions.Softonic.hrdid", "34e6d6ec000000000000002197322d2e");
user_pref("extensions.Softonic.id", "34e6d6ec000000000000002197322d2e");
user_pref("extensions.Softonic.instlDay", "15580");
user_pref("extensions.Softonic.instlRef", "MON1208T04");
user_pref("extensions.Softonic.instlday", "15580");
user_pref("extensions.Softonic.instlref", "MON1208T04");
user_pref("extensions.Softonic.isdcmntcmplt", false);
user_pref("extensions.Softonic.keywordurl", "");
user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.417:55:57");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.newTab", false);
user_pref("extensions.Softonic.newtab", "false");
user_pref("extensions.Softonic.newtaburl", "");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prtnrid", "softonic");
user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1010\",\"name\":\"Space Radio Scanner\",\"url\":\"hxxp://jupiter.wcc.hawaii.edu/newradiojove/wccroreceiver.asx\",\
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.savedVrsnTs", "1");
user_pref("extensions.Softonic.sg", "az");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.smplgrp", "none");
user_pref("extensions.Softonic.srch", "");
user_pref("extensions.Softonic.srchprvdr", "");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON1208T04/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.tlbrid", "base");
user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON1208T04/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.6.7.4");
user_pref("extensions.Softonic.vrsnTs", "1.6.7.417:55:57");
user_pref("extensions.Softonic.vrsni", "1.6.7.4");
user_pref("extensions.Softonic.vrsnts", "1.6.7.417:55:57");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.417:55:57");
user_pref("extensions.crossrider.bic", "13790b32a6305cc3655936770a01cd2a");
user_pref("extensions.crossriderapp4637.4637.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp4637.4637.InstallationTime", 1352832450);
user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp4637.4637.active", true);
user_pref("extensions.crossriderapp4637.4637.addressbar", "");
user_pref("extensions.crossriderapp4637.4637.addressbarenhanced", "");
user_pref("extensions.crossriderapp4637.4637.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit()
user_pref("extensions.crossriderapp4637.4637.backgroundver", 7);
user_pref("extensions.crossriderapp4637.4637.can_run_bg_code", true);
user_pref("extensions.crossriderapp4637.4637.certdomaininstaller", "");
user_pref("extensions.crossriderapp4637.4637.changeprevious", false);
user_pref("extensions.crossriderapp4637.4637.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie.InstallationTime.value", "1352832450");
user_pref("extensions.crossriderapp4637.4637.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_aoi.value", "1352832450");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_blocklist.expiration", "Tue Dec 25 2012 15:45:29 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_country_code.expiration", "Wed Dec 26 2012 17:44:19 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_crr.value", "1356478456");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_currenttime.value", "%221356061410%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_parent_zoneid.value", "%2214019%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_pc_20120828.value", "1355967877347");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_product_id.value", "%221266%22");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie._GPL_zoneid.value", "%22106125%22");
user_pref("extensions.crossriderapp4637.4637.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie.dbtest.value", "1355967857615");
user_pref("extensions.crossriderapp4637.4637.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.cookie.lastrequest.value", "%7B%22path%22%3A%22/nikkole.felix%22%2C%22host%22%3A%22www.facebook.com%22%2C%22scheme%22%3A%22hxxps%2
user_pref("extensions.crossriderapp4637.4637.description", "Deals Plugin");
user_pref("extensions.crossriderapp4637.4637.domain", "");
user_pref("extensions.crossriderapp4637.4637.enablesearch", false);
user_pref("extensions.crossriderapp4637.4637.fbremoteurl", "");
user_pref("extensions.crossriderapp4637.4637.group", 0);
user_pref("extensions.crossriderapp4637.4637.homepage", "");
user_pref("extensions.crossriderapp4637.4637.iframe", false);
user_pref("extensions.crossriderapp4637.4637.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2268F0012D9F50407B8F3FF4DA27FCB60CIE%22%2C%22installer_verifier
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_appVer.value", "40");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_nextCheck.expiration", "Tue Dec 25 2012 21:40:28 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.crossriderapp4637.4637.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4637.4637.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare
user_pref("extensions.crossriderapp4637.4637.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1180,baseCDN:\"
user_pref("extensions.crossriderapp4637.4637.manifesturl", "");
user_pref("extensions.crossriderapp4637.4637.name", "Deals Plugin");
user_pref("extensions.crossriderapp4637.4637.newtab", "");
user_pref("extensions.crossriderapp4637.4637.opensearch", "");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appA
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.ver", 3);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw n
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.ver", 10);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.ver", 4);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.ver", 2);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.ver", 2);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*9999999999999
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_15.name", "FacebookFFIE");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_15.ver", 1);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.ver", 4);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.ver", 3);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.deb
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.ver", 3);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=funct
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.ver", 2);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.ver", 2);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.ver", 3);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(fu
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.ver", 1);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};v
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.ver", 1);
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=fu
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.ver", 1);
user_pref("extensions.crossriderapp4637.4637.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015");
user_pref("extensions.crossriderapp4637.4637.plugins_lists.plugins_1", "17,14,13,16,15,64,72,4,1,21,22,1000014,28");
user_pref("extensions.crossriderapp4637.4637.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4637/plugins/086/ff/plugins.json");
user_pref("extensions.crossriderapp4637.4637.pluginsversion", 21);
user_pref("extensions.crossriderapp4637.4637.publisher", "215 Apps");
user_pref("extensions.crossriderapp4637.4637.searchstatus", 0);
user_pref("extensions.crossriderapp4637.4637.setnewtab", false);
user_pref("extensions.crossriderapp4637.4637.settingsurl", "");
user_pref("extensions.crossriderapp4637.4637.thankyou", "");
user_pref("extensions.crossriderapp4637.4637.updateinterval", 360);
user_pref("extensions.crossriderapp4637.4637.ver", 40);
user_pref("extensions.crossriderapp4637.adsOldValue", 14);
user_pref("extensions.crossriderapp4637.apps", "4637");
user_pref("extensions.crossriderapp4637.bic", "13790b32a6305cc3655936770a01cd2a");
user_pref("extensions.crossriderapp4637.cid", 4637);
user_pref("extensions.crossriderapp4637.firstrun", false);
user_pref("extensions.crossriderapp4637.hadappinstalled", true);
user_pref("extensions.crossriderapp4637.installationdate", 1355967791);
user_pref("extensions.crossriderapp4637.lastcheck", 22607974);
user_pref("extensions.crossriderapp4637.lastcheckitem", 22607994);
user_pref("extensions.crossriderapp4637.modetype", "production");
user_pref("extensions.crossriderapp4637.reportInstall", true);
user_pref("extensions.crossriderapp4926.4926.InstallationTime", 1338162490);
user_pref("extensions.crossriderapp4926.4926.active", true);
user_pref("extensions.crossriderapp4926.4926.addressbar", "");
user_pref("extensions.crossriderapp4926.4926.affid", "0");
user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/************************************************************************************\n This is your backgrou
user_pref("extensions.crossriderapp4926.4926.backgroundver", 2);
user_pref("extensions.crossriderapp4926.4926.can_run_bg_code", true);
user_pref("extensions.crossriderapp4926.4926.certdomaininstaller", "");
user_pref("extensions.crossriderapp4926.4926.changeprevious", false);
user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.value", "1338162490");
user_pref("extensions.crossriderapp4926.4926.description", "The Easiest Way To Remove Your Facebook Timeline.");
user_pref("extensions.crossriderapp4926.4926.domain", "battle-stats.com");
user_pref("extensions.crossriderapp4926.4926.emailsig", "");
user_pref("extensions.crossriderapp4926.4926.enablesearch", false);
user_pref("extensions.crossriderapp4926.4926.exposesites", "");
user_pref("extensions.crossriderapp4926.4926.fbremoteurl", "");
user_pref("extensions.crossriderapp4926.4926.group", 0);
user_pref("extensions.crossriderapp4926.4926.homepage", "");
user_pref("extensions.crossriderapp4926.4926.iframe", true);
user_pref("extensions.crossriderapp4926.4926.js", "\n\n\n\nvar version=\"0.9\",copyright=\"removemytimeline.com\",h_tl=localStorage.getItem(\"tml_h\")?localStorage.getItem(\"t
user_pref("extensions.crossriderapp4926.4926.manifesturl", "");
user_pref("extensions.crossriderapp4926.4926.name", "Timeline Remover");
user_pref("extensions.crossriderapp4926.4926.newtab", "");
user_pref("extensions.crossriderapp4926.4926.opensearch", "");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){return appAPI.appInfo?appAPI.appInfo.id:appAPI.appID}};$jquery.extend
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_1.ver", 2);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function©{c.selectedText=function(e,a){function d(){if(window.getSelection)return window.getSelection
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.code", "\"undefined\"===typeof appAPI&&(appAPI={});appAPI.JSON={};\n(function(){function a(a){return 10>a?\"0\"+
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.name", "FacebookFFIE");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.code", "(function(b,a){function h(){var c=\"\";return c=document.defaultView.top==document.defaultView?b.getTabI
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.ver", 2);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.code", "var $$jquery;\n(function(l,n){function X(){if(!c.isReady){try{k.documentElement.doScroll(\"left\")}catch
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_21.code", "var CrossriderDebugManager=function©{function e(){return appAPI.internal.db.get(\"debug_resources_path
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_21.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_22.code", "(function(b){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=functi
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_22.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_28.code", "var CrossriderInitializerPlugin=function(a){var c;function d(){setTimeout(function(){a(\"html\").attr(\"
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_28.ver", 1);
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_4.ver", 2);
user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_0", "17,14,16");
user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,28");
user_pref("extensions.crossriderapp4926.4926.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4926/plugins/081/ff/plugins.json");
user_pref("extensions.crossriderapp4926.4926.pluginsversion", 2);
user_pref("extensions.crossriderapp4926.4926.premium", true);
user_pref("extensions.crossriderapp4926.4926.publisher", "Deximol");
user_pref("extensions.crossriderapp4926.4926.searchstatus", 0);
user_pref("extensions.crossriderapp4926.4926.setnewtab", false);
user_pref("extensions.crossriderapp4926.4926.settingsurl", "");
user_pref("extensions.crossriderapp4926.4926.thankyou", "hxxp://facebook.com/profile.php");
user_pref("extensions.crossriderapp4926.4926.updateinterval", 360);
user_pref("extensions.crossriderapp4926.4926.ver", 62);
user_pref("extensions.crossriderapp4926.apps", "4926");
user_pref("extensions.crossriderapp4926.bic", "13790b32a6305cc3655936770a01cd2a");
user_pref("extensions.crossriderapp4926.cid", 4926);
user_pref("extensions.crossriderapp4926.firstrun", false);
user_pref("extensions.crossriderapp4926.hadappinstalled", true);
user_pref("extensions.crossriderapp4926.installationdate", 1338162490);
user_pref("extensions.crossriderapp4926.lastcheck", 22311506);
user_pref("extensions.crossriderapp4926.lastcheckitem", 22311534);
user_pref("extensions.crossriderapp4926.misc.lastBgWorkerTimer", "1338692116467");
user_pref("extensions.crossriderapp4926.misc.lastDomWorkerTimer", "1338692116461");
user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"reference_search2\" position=\"100\" default=\"3\" type=\"simple\" action=\"hxxp://toolbar.inbox.com/link.aspx?code=referen
user_pref("ibxcomtb.skin", "<button id=\"BLUE_GREEN\" type=\"SKIN\" ver=\"1.0.0.2\">\n\n <expand firstbutton=\"11\" combo=\"27\" lastbutton=\"45\"/>\n <offset fb=\"2\" cb=\"
user_pref("extensions.crossriderapp21804.adsOldValue", 14);
Emptied folder: C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\54sg925d.default\minidumps [19 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/07/2013 at 9:21:05.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Here's the jrt, but whenever I run the otl scan it ends up freezing up on me.

Posted Image

It happens whenever it starts to scan for the firefox settings

Edited by Earthless94, 07 June 2013 - 01:08 PM.

  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Here's the jrt, but whenever I run the otl scan it ends up freezing up on me.


I think you mean OTL.

Try it without anything in the Custom Scans/Fixes panel.

Just press the Quick Scan button.

Tell me how you get on.
  • 0

Advertisements


#11
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
nvm it's scanning right now. I'll edit in with the log when its done.

Edited by Earthless94, 07 June 2013 - 01:26 PM.

  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Moving on then.

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Oh I see we cross posted.

Let's wait for the OTL one.

Leave ComboFix for now. :)
  • 0

#14
Earthless94

Earthless94

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Well otl was working till it hit the firefox and just froze up again, so I decided to just skip and do the combofix here's the log




ComboFix 13-06-07.03 - test 06/07/2013 14:10:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.2106 [GMT -7:00]
Running from: c:\users\test\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\%APPDATA%
c:\program files\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\program files\Blinkx
c:\program files\Blinkx\blinkx.exe
c:\program files\Blinkx\blinkx.ico
c:\program files\Blinkx\blinkxss.exe
c:\program files\Blinkx\blinkxstop.exe
c:\program files\Blinkx\lang.dll
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\logo.bmp
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Blinkx\templates\saver.ico
c:\program files\Blinkx\templates\template0.htm
c:\program files\Blinkx\templates\template1.htm
c:\program files\Blinkx\templates\template10.htm
c:\program files\Blinkx\templates\template11.htm
c:\program files\Blinkx\templates\template2.htm
c:\program files\Blinkx\templates\template3.htm
c:\program files\Blinkx\templates\template4.htm
c:\program files\Blinkx\templates\template5.htm
c:\program files\Blinkx\templates\template6.htm
c:\program files\Blinkx\templates\template7.htm
c:\program files\Blinkx\templates\template8.htm
c:\program files\Blinkx\templates\toolcfgdata2.html
c:\program files\Blinkx\templates\uninstall.exe
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperArbitraryInstaller.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Updater\Updater.msi
c:\users\Admin\g2mdlhlpx.exe
c:\users\test\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\users\test\AppData\Roaming\Love
c:\users\test\AppData\Roaming\Love\mari0\options.txt
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\bc443321759c04bd.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\SETB64C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))
.
.
2013-06-07 21:23 . 2013-06-07 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-07 21:23 . 2013-06-07 21:23 -------- d-----w- c:\users\Tess\AppData\Local\temp
2013-06-07 21:23 . 2013-06-07 21:23 -------- d-----w- c:\users\Tanny\AppData\Local\temp
2013-06-07 21:23 . 2013-06-07 21:23 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-06-07 16:18 . 2013-06-07 16:18 -------- d-----w- c:\windows\ERUNT
2013-06-07 16:02 . 2013-06-07 16:18 -------- d-----w- C:\JRT
2013-06-06 21:37 . 2013-06-07 06:08 -------- d-----w- C:\FRST
2013-06-02 04:29 . 2013-06-02 04:29 -------- d-----w- c:\program files\Common Files\Spigot
2013-06-01 04:38 . 2013-06-01 04:38 -------- d-----w- c:\users\test\AppData\Roaming\SPORE Creature Creator
2013-06-01 02:34 . 2013-06-01 02:34 29184 ----a-w- c:\windows\system32\WinFLAdrv.sys
2013-06-01 02:34 . 2013-06-01 02:34 188176 ----a-w- c:\windows\system32\WinVDEdrv6.sys
2013-06-01 02:34 . 2013-06-01 02:34 228112 ----a-w- c:\windows\system32\WinVDEdrv.sys
2013-06-01 02:34 . 2013-06-01 02:34 92360 ----a-w- c:\windows\system32\WinFLService.exe
2013-06-01 02:34 . 2013-06-01 02:34 14024 ----a-w- c:\windows\system32\WinFLMsgService.exe
2013-06-01 02:34 . 2013-06-01 02:34 40960 ----a-w- c:\windows\system32\nwsftUninstall.exe
2013-06-01 02:34 . 2013-06-01 02:34 321736 ----a-w- c:\windows\system32\WinFLTray.exe
2013-06-01 02:34 . 2013-06-01 02:34 321736 ----a-w- c:\windows\system32\WinFLTrayShred.exe
2013-06-01 02:34 . 2013-06-01 02:34 -------- d-----w- c:\program files\NewSoftware's
2013-05-27 00:13 . 2013-06-04 01:21 -------- d-----w- C:\Minetest
2013-05-26 22:42 . 2013-05-26 22:49 -------- d-----w- C:\Manic Digger
2013-05-26 21:05 . 2013-05-26 21:05 -------- d-----w- c:\users\test\wurm
2013-05-26 20:39 . 2013-05-26 21:05 -------- d-----w- C:\BrickForce
2013-05-19 02:46 . 2010-06-30 08:27 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2013-05-19 02:44 . 2013-05-19 04:46 -------- d-----w- C:\Netgear
2013-05-16 10:11 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 21:31 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 21:31 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 21:31 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 21:10 . 2013-05-09 21:10 -------- d-----w- c:\users\test\AppData\Local\SplitMediaLabs
2013-05-09 21:08 . 2013-05-09 21:08 -------- d-----w- c:\programdata\SplitMediaLabs
2013-05-09 21:08 . 2013-05-09 21:08 -------- d-----w- c:\program files\SplitMediaLabs
2013-05-09 21:05 . 2013-05-09 21:05 -------- d-----w- c:\users\test\AppData\Roaming\SplitMediaLabs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 10:01 . 2013-02-17 16:52 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-14 16:19 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-20 07:13 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-20 07:13 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2011-10-27 06:24 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-10-27 06:24 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-10-27 06:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-10-27 06:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-10-27 06:24 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-10-27 06:24 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-10-27 06:22 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-10-27 06:22 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-04 21:50 . 2011-10-27 06:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 12:21 . 2012-04-05 21:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-23 12:21 . 2011-05-23 12:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 23:28 . 2013-03-19 23:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 23:27 . 2012-07-11 16:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 23:27 . 2011-07-12 03:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 12:39 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 12:39 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-14 00:17 . 2012-02-29 15:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Facebook Update"="c:\users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-27 138096]
"Akamai NetSession Interface"="c:\users\test\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-01-02 3093624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"LightShot"="c:\users\test\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2013-02-21 226152]
"WinFLTray"="c:\windows\system32\WinFLTray.exe" [2013-06-01 321736]
"FLBackup"="c:\program files\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2013-06-01 275656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-08-19 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-05-21 1226928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2013-5-26 526336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Belkin Network USB Hub Control Center.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk
backup=c:\windows\pss\Belkin Network USB Hub Control Center.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 22:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
- c:\users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 23:46]
.
2013-06-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
- c:\users\test\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-02 23:46]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:59]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:59]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-25 07:02]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-25 07:02]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007Core.job
- c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 06:00]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1007UA.job
- c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 06:00]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013Core.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 23:48]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4173232996-1987906121-3502484201-1013UA.job
- c:\users\test\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 23:48]
.
2013-06-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-24 22:31]
.
2009-04-24 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-24 22:31]
.
2013-06-07 c:\windows\Tasks\update-S-1-5-21-4173232996-1987906121-3502484201-1013.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-02 07:26]
.
2013-06-07 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-02 07:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\54sg925d.default\
FF - ExtSQL: !HIDDEN! 2009-06-24 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-16 21:53; [email protected]; c:\program files\Mozilla FireFox\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-blinkxgate - c:\program files\Blinkx\blinkx.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
AddRemove-Coupon Companion - c:\program files\Coupon Companion\Uninstall.exe
AddRemove-Coupon Companion Plugin - c:\program files\Coupon Companion Plugin\Uninstall.exe
AddRemove-Deals Plugin Extension - c:\program files\Deals Plugin Extension\Uninstall.exe
AddRemove-iLivid - c:\users\test\AppData\Local\iLivid\uninstall.exe
AddRemove-IMBoosterARP - c:\program files\Iminent\inst\Bootstrapper\Bootstrapper.exe
AddRemove-InfoAtoms - c:\program files\InfoAtoms\Uninstall.exe
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
AddRemove-Setup Support for Bucksbee - c:\program files\Setup Support for Bucksbee\uninst.exe
AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe
AddRemove-Softonic - c:\program files\Softonic\Softonic\1.6.7.4\uninstall.exe
AddRemove-uTorrentBar Toolbar - c:\program files\uTorrentBar\uninstall.exe
AddRemove-Wajam - c:\program files\Wajam\uninstall.exe
AddRemove-WhiteSmoke_US_New Toolbar - c:\program files\WhiteSmoke_US_New\uninstall.exe
AddRemove-{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 - c:\program files\Inbox Toolbar\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-CT2269050 - c:\users\test\AppData\Local\Conduit\CT2269050\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-07 14:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4173232996-1987906121-3502484201-1013\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*D*X‘‚"\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4173232996-1987906121-3502484201-1013\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4173232996-1987906121-3502484201-1013\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4173232996-1987906121-3502484201-1013\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆ]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,74,65,73,74,5c,44,65,73,6b,74,6f,70,5c,44,
6f,77,6e,6c,6f,61,64,73,5c,57,69,6c,66,72,65,64,20,55,53,20,53,65,61,73,6f,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:43,3a,5c,55,73,65,72,73,5c,74,65,73,74,5c,44,65,73,6b,74,6f,70,5c,44,
6f,77,6e,6c,6f,61,64,73,5c,57,69,6c,66,72,65,64,20,55,53,20,53,65,61,73,6f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Workspace\offSyncService.exe
c:\windows\system32\WinFLService.exe
c:\windows\system32\lxducoms.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\users\test\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\NewSoftware's\Folder Lock\FLComServ.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2013-06-07 14:41:44 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-07 21:41
.
Pre-Run: 355,922,591,744 bytes free
Post-Run: 391,057,580,032 bytes free
.
- - End Of File - - F7612BAAECBBC8DF5A08285AB7EB0F3E
5C616939100B85E558DA92B899A0FC36
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Making progress.

Now

I would like to try something.

Delete your copy of OTL from the Desktop and download and see if this one will do the job:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
If it doesn't then please run a scan with Farbars Recovery Scan Tool again and post back the results.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP