Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pop ups and other issues [Solved]

Started by betjunk21 , Jul 09 2013 05:54 PM

  • This topic is locked This topic is locked

#1
betjunk21
Posted 09 July 2013 - 05:54 PM

betjunk21

    Member

  • Member
  • PipPip
  • 12 posts
I ran the avast scan and also mbam and it found problems. Those problems have been removed but I still have issues that are not being discovered. Here are the two logs and screen shots of the error messages.

OTL Extras logfile created on: 7/9/2013 6:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.03% Memory free
5.94 Gb Paging File | 4.74 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 157.01 Gb Free Space | 70.04% Space Free | Partition Type: NTFS

Computer Name: BETTY-PC | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C5A30378-C7FF-49BF-92F0-031A132D75BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010831A8-4F0F-4BA3-AC5F-D7AE02B1B796}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{1A2A0C53-D30D-4968-A45F-AC66CE3D3C27}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1D962045-BCCF-458A-99C8-F66CB0463F6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{1F923408-40BA-407E-BD0E-D0D37F192E48}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{22361B8E-411C-4C2C-8E84-2DA72D5184B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{22F151A8-B88F-4053-9BC9-C1420C9117D0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2B5399B2-37A1-45E4-A29B-2E02AD753213}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2C25A489-F3C0-4852-8BD4-E18D59CA3551}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2F323988-EB11-497C-8F28-2D6BDD024B00}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3709E6BF-265A-4EAB-B012-CFFD71A23A24}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{38B88B15-8B26-402A-BE60-2F3110184EB5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{3A4731F8-9244-4073-90B1-658E6891F529}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{47AB4393-D011-4E02-8440-3EB78932572F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{482A83DD-B411-4781-97C7-DD870A98DA39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{483990B8-4225-44F7-9266-6D1FF428DB19}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4D52E79F-9659-4C56-876E-FACD8072BF10}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{577DF7DE-F5FF-45B6-B851-C0F3EC2E3EB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{592A33D2-9DF6-42F5-9DA6-000C66B1F086}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{6015B93F-E443-4BD3-8A2D-E3177B0D2CD6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{60C2C516-F983-4DB4-ADDE-373E711B85E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{668ED611-2614-4D22-8E58-AC54C1FFA8F3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6A3C02CF-8BFE-4885-AE6B-20637029DE13}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{74EA0F65-50E2-4938-9258-48BD434523D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7788431A-3510-4E68-A4FE-D7841A13800D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7FF7B14F-9DAC-4D68-93BA-2F3ED2E98378}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8482FB3A-E8DD-42F6-B950-3307C58855BD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{858092D0-9517-4D56-89D2-23F738814D9F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{873130B4-5D08-449D-B5D9-0B6F85372BA4}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{93D2F4DD-E846-475F-ABF5-B6DCB198CFB4}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{9C6FDC3D-BD8E-406C-9305-4A69EC73E380}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A79C560F-6D1C-4ECA-A0AC-40F95373B804}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A82A3A3C-8421-4059-B950-7648C193B913}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AF5EFEBD-C786-4BFF-8C56-7304B36632D2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{B35BB9ED-14B5-49AA-93B0-EA1E20DA935E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{B664E1EE-94D5-4B53-90F3-B31DFA5E01AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{BBFD254B-C098-4C4D-8E79-E2D53928118A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{BEA41A06-7044-4F9E-BFD5-8B209D19C9B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C2017F2B-A72F-42C1-A0E2-05C831C4CA13}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D056DF9C-4619-46D8-8CA6-F473A3886474}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D702ED83-C216-45B1-983C-B0E33A67F8AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D9E272E0-0270-41DC-936B-CF0A0178A766}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DFA2D702-A502-45B5-A48F-275FE0DA8E5D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E37B2F6D-55CC-4773-8AF7-75C5A340F073}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{E3A07AB1-B8C4-4F7D-9690-E405731A955E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E837FCF7-CB47-4DA3-A374-9A59CD9BDC85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{EE1F316C-DB12-4CDE-BB97-FEB029828DC7}" = dir=in | app=c:\users\betty\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FD7AA07B-7F87-4AE7-8AD7-5B08B5457E83}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{211EEDC8-F038-47A7-B947-EA2C0847C24D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{25926EAD-5A31-496E-A0C7-63CD52BE77C4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1A29338A-6F83-44E3-BE98-A371ACE375E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{472A50BC-BB02-495A-8346-139F747FA21A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"CCleaner" = CCleaner
"DnsBasic" = DnsBasic 1.0 build 111
"Driver Pro_is1" = Driver Pro v3.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LessTabs" = LessTabs
"[email protected]" = LyricsSpeaker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa2" = Picasa 2
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TotalRecipeSearch_14 Chrome Extension Uninstall" = TotalRecipeSearch Toolbar Chrome Extension
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WTA-ddefc14d-805c-4e4a-8b2d-0bbc658c0185" = Bejeweled

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyEmoticons" = MyEmoticons
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2013 11:21:10 PM | Computer Name = Betty-PC | Source = ESENT | ID = 467
Description = Windows (3080) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId of table SystemIndex_Gthr is corrupted (0).

Error - 7/8/2013 11:21:11 PM | Computer Name = Betty-PC | Source = ESENT | ID = 467
Description = Windows (3080) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId of table SystemIndex_Gthr is corrupted (0).

Error - 7/8/2013 11:21:12 PM | Computer Name = Betty-PC | Source = ESENT | ID = 467
Description = Windows (3080) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index indexDocId of table SystemIndex_Gthr is corrupted (0).

Error - 7/8/2013 11:23:38 PM | Computer Name = Betty-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/8/2013 11:44:58 PM | Computer Name = Betty-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/8/2013 11:46:24 PM | Computer Name = Betty-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2013 11:46:24 PM | Computer Name = Betty-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/8/2013 11:56:39 PM | Computer Name = Betty-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/9/2013 4:49:10 PM | Computer Name = Betty-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/9/2013 5:50:45 PM | Computer Name = Betty-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 10/29/2009 4:01:17 AM | Computer Name = Betty-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2011 3:53:56 PM | Computer Name = Betty-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/6/2013 10:26:49 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 7/7/2013 9:10:22 AM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/8/2013 8:59:02 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/8/2013 10:50:11 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/8/2013 11:16:30 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 7/8/2013 11:24:50 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/8/2013 11:45:17 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/8/2013 11:48:59 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/8/2013 11:56:50 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/9/2013 4:49:30 PM | Computer Name = Betty-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

OTL logfile created on: 7/9/2013 6:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Betty\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.03% Memory free
5.94 Gb Paging File | 4.74 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.17 Gb Total Space | 157.01 Gb Free Space | 70.04% Space Free | Partition Type: NTFS

Computer Name: BETTY-PC | User Name: Betty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/09 18:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty\Desktop\OTL.exe
PRC - [2013/07/09 11:09:30 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/25 08:57:07 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/06/11 22:12:26 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/11 07:42:20 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/23 19:46:25 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 16:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 14:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 18:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 16:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/09 11:09:30 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/11 22:12:25 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/17 03:38:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/17 03:36:32 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013/01/11 21:10:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/11 21:09:54 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/11 21:06:38 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/11 21:06:25 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 13:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll
MOD - [2007/12/25 15:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 00:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2013/07/09 11:09:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 22:12:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/09/30 16:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 23:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2013/06/27 14:35:56 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 14:35:56 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 14:35:56 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 03:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 03:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 03:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 03:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 03:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/22 18:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 21:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2ABED447-9F2A-41FA-AAB1-84834CBAB26B}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic....s={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic....s={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{092E00AE-2262-453D-B60C-A62E55A37B6F}: "URL" = http://search.condui...9632064914&UM=2
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{09F29AD5-CE77-4DC0-A499-B0153C1C4612}: "URL" = http://websearch.ask...D0-A4A93A2F2A34
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{2ABED447-9F2A-41FA-AAB1-84834CBAB26B}: "URL" = http://www.google.co...1I7TSHB_enUS327
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow....ion=6.0-x86-SP2
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic....s={searchTerms}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\SearchScopes\{F18F4EC8-8735-44DD-BD9C-16999048B031}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: lspeaker%40lyricsspeaker.net:1.116
FF - prefs.js..extensions.enabledAddons: lesstabs%40lesstabs.com:1.7.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 13:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/25 08:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Betty\AppData\Roaming\MyEmoticons\[email protected] [2013/06/23 23:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013/07/09 11:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/22 12:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/25 08:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/09 11:09:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/09 11:09:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 13:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsSpeaker\116.xpi [2013/07/07 08:10:58 | 000,005,360 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/09 11:09:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/09 11:09:24 | 000,000,000 | ---D | M]

[2012/03/05 22:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betty\AppData\Roaming\Mozilla\Extensions
[2013/07/09 09:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions
[2013/06/17 10:55:07 | 000,001,793 | ---- | M] () -- C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\Bing.xml
[2013/06/20 15:36:14 | 000,006,546 | ---- | M] () -- C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\BrowserDefender.xml
[2013/06/19 22:36:53 | 000,001,094 | ---- | M] () -- C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\mixidj-v31-customized-web-search.xml
[2013/07/09 11:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/09 11:09:22 | 000,000,000 | ---D | M] (DnsBasic) -- C:\Program Files\Mozilla Firefox\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
[2013/07/09 11:09:22 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/09 11:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/09 11:09:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/22 12:29:32 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/07/07 08:10:58 | 000,005,360 | ---- | M] () (No name found) -- C:\PROGRAM FILES\LYRICSSPEAKER\116.XPI
[2013/06/25 08:59:21 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/06/25 08:57:25 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Betty\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Betty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: LessTabs = C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: TotalRecipeSearch = C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiephjcjbgpibjlmcnlnohoclblaaokd\4.94.1.44146_0\
CHR - Extension: LyricsSpeaker = C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgeophbbmfgkjghdgfgelpipdoclljo\1.116_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (LyricsSpeaker) - {15467C9F-3784-4109-89C9-6ED7100B96B8} - C:\Program Files\LyricsSpeaker\116.dll (LyricsSpeaker LTD)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [Facebook Update] C:\Users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1990609593-3534744734-3468119329-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5299EDC5-C09C-495E-ABB6-F6BDA5F81CBD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F786643-8A2C-40C2-972B-DC9C7E733C44}: DhcpNameServer = 24.116.0.53 24.116.2.50
O20 - AppInit_DLLs: (c:\progra~2\browse~2\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Betty\Pictures\black deer 2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Betty\Pictures\black deer 2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/09 18:02:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Betty\Desktop\OTL.exe
[2013/07/09 15:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/09 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/08 22:16:17 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Betty\Desktop\TFC.exe
[2013/07/08 22:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/08 22:14:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/08 22:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/07 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsSpeaker
[2013/07/01 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(7)
[2013/07/01 20:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(27)
[2013/06/25 09:00:33 | 000,000,000 | ---D | C] -- C:\Users\Betty\AppData\Roaming\RealNetworks
[2013/06/25 08:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/06/25 08:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/21 15:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks(481)
[2013/06/21 15:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks(503)
[2013/06/20 16:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/06/17 11:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/06/17 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013/06/17 11:04:26 | 000,000,000 | ---D | C] -- C:\Users\Betty\AppData\Roaming\Driver Pro
[2013/06/17 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2013/06/17 10:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/06/17 10:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/06/17 10:54:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/06/17 10:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/06/17 10:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue

========== Files - Modified Within 30 Days ==========

[2013/07/09 18:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Betty\Desktop\OTL.exe
[2013/07/09 17:47:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/09 17:47:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/09 17:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/09 17:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/09 16:50:59 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/07/09 16:50:44 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\LyricsSpeaker Update.job
[2013/07/09 16:50:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/09 16:50:34 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/09 15:53:22 | 000,653,338 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/09 15:53:22 | 000,123,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/09 15:51:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000UA.job
[2013/07/09 15:47:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/08 22:53:50 | 000,000,231 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/08 22:16:01 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Betty\Desktop\TFC.exe
[2013/07/08 22:14:22 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/28 18:51:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000Core.job
[2013/06/28 18:16:58 | 000,405,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/27 14:35:56 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/27 14:35:56 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/27 14:35:56 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/27 14:35:56 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 14:35:56 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/27 14:35:56 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/27 12:30:52 | 000,004,369 | ---- | M] () -- C:\Users\Betty\Documents\Help.eml
[2013/06/25 08:59:33 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/25 08:57:13 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/06/23 21:02:43 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/23 21:02:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/21 20:28:48 | 000,030,813 | ---- | M] () -- C:\Users\Betty\Documents\1MS STATE.jpg
[2013/06/20 21:10:15 | 000,075,779 | ---- | M] () -- C:\Users\Betty\Desktop\Ole Man River.htm
[2013/06/20 14:01:59 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/17 11:07:12 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/17 11:04:36 | 000,000,834 | ---- | M] () -- C:\Users\Betty\Desktop\Driver Pro.lnk
[2013/06/17 10:54:35 | 000,000,954 | ---- | M] () -- C:\Users\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk

========== Files Created - No Company Name ==========

[2013/07/08 22:53:27 | 000,000,231 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/08 22:14:22 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/07 08:11:02 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\LyricsSpeaker Update.job
[2013/06/28 18:16:37 | 000,405,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/27 14:35:56 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 12:30:49 | 000,004,369 | ---- | C] () -- C:\Users\Betty\Documents\Help.eml
[2013/06/26 16:07:46 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 16:07:45 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/25 08:59:33 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/06/23 21:55:03 | 000,030,813 | ---- | C] () -- C:\Users\Betty\Documents\1MS STATE.jpg
[2013/06/20 21:09:33 | 000,075,779 | ---- | C] () -- C:\Users\Betty\Desktop\Ole Man River.htm
[2013/06/17 11:07:12 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/17 11:04:36 | 000,000,834 | ---- | C] () -- C:\Users\Betty\Desktop\Driver Pro.lnk
[2013/06/17 10:54:44 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013/06/17 10:54:35 | 000,000,954 | ---- | C] () -- C:\Users\Betty\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/05/22 12:29:33 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/22 12:29:33 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/02 23:06:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\2a2c2720365f292b_c
[2013/04/24 10:20:31 | 000,000,258 | RHS- | C] () -- C:\Users\Betty\ntuser.pol
[2013/03/20 22:18:42 | 000,373,745 | ---- | C] () -- C:\Users\Betty\Wells Brothers Flyer.pdf
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/10/05 17:46:45 | 005,242,880 | ---- | C] () -- C:\Users\Betty\edbres00002.jrs
[2012/10/05 17:46:45 | 000,008,192 | ---- | C] () -- C:\Users\Betty\edb.chk
[2012/10/05 17:46:44 | 005,242,880 | ---- | C] () -- C:\Users\Betty\edbres00001.jrs
[2012/01/19 22:23:47 | 000,094,849 | ---- | C] () -- C:\Users\Betty\407911_3100783487472_1500746983_2911755_84901575_n.jpg
[2011/02/23 23:51:25 | 002,011,186 | ---- | C] () -- C:\Users\Betty\Blue.jpg
[2011/01/18 20:06:59 | 000,000,680 | ---- | C] () -- C:\Users\Betty\AppData\Local\d3d9caps.dat
[2010/11/04 11:13:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 11:32:47 | 002,011,186 | ---- | C] () -- C:\Users\Betty\101_2768.JPG
[2009/09/14 18:50:35 | 000,004,096 | -H-- | C] () -- C:\Users\Betty\AppData\Local\keyfile3.drm
[2009/07/27 18:53:58 | 000,026,112 | ---- | C] () -- C:\Users\Betty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 07:07:03 | 000,007,212 | -HS- | C] () -- C:\Users\Betty\Folder.jpg
[2009/07/08 07:07:03 | 000,002,025 | -HS- | C] () -- C:\Users\Betty\AlbumArtSmall.jpg
[2009/05/20 21:52:15 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/05 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\AVG2013
[2013/06/17 11:04:58 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\Driver Pro
[2013/06/23 23:58:44 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\MyEmoticons
[2013/03/03 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\player
[2013/02/18 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\Samsung
[2012/08/30 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\TOSHIBA
[2012/09/05 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\TuneUp Software
[2010/06/23 19:03:16 | 000,000,000 | ---D | M] -- C:\Users\Betty\AppData\Roaming\Walgreens
[2012/09/23 15:30:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/09/23 15:30:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 757 bytes -> C:\Users\Betty\Documents\he Lord's Prayer.eml:OECustomProperty
@Alternate Data Stream - 526 bytes -> C:\Users\Betty\Documents\Help.eml:OECustomProperty

< End of report >

Thanks for your help,
betjunk21

Attached Thumbnails

  • error 1.jpg
  • error 2.jpg
  • pop up.jpg

  • 0

Advertisements

#2
gringo_pr
Posted 09 July 2013 - 11:53 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello betjunk21

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
betjunk21
Posted 10 July 2013 - 07:40 AM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks for such a quick response. I forgot to mention in my first post I had already run the adwcleaner. I have that log. When trying to run the Junk removal tool it asked "Value AppInit_DLLs exists, overwrite(yes/no)? What should I choose? Here is the adwcleaner log.

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 22:53:18
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Betty - BETTY-PC
# Boot Mode : Normal
# Running from : C:\Users\Betty\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
Stopped & Deleted : Updater By SweetPacks

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Anti-phishing Domain Advisor
Deleted on reboot : C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Betty\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\delta.xml
File Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\searchplugins\SweetIm.xml
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Windows\Tasks\SpeedUpMyPC.job
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\DnsBasic
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\InternetHelper1.5
Folder Deleted : C:\Program Files\MixiDJ_V31
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SingAlong
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Program Files\Vafmusic
Folder Deleted : C:\Program Files\WhiteSmoke_B
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DnsBasic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Betty\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Betty\AppData\Local\Conduit
Folder Deleted : C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Deleted : C:\Users\Betty\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Betty\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Betty\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Betty\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Betty\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Betty\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Betty\AppData\LocalLow\InternetHelper1.5
Folder Deleted : C:\Users\Betty\AppData\LocalLow\MixiDJ_V31
Folder Deleted : C:\Users\Betty\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Betty\AppData\LocalLow\Vafmusic
Folder Deleted : C:\Users\Betty\AppData\LocalLow\WhiteSmoke_B
Folder Deleted : C:\Users\Betty\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Betty\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Betty\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Betty\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\[email protected]
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\[email protected]
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\[email protected]
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\extensions\[email protected]
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\Smartbar
Folder Deleted : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Betty\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Betty\AppData\Roaming\WebCake
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper1.5
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V31
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\e53ddd8b268e514
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper1.5 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V31 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vafmusic Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_B Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61F6DAF6-F6DE-4A6E-8862-D87E8C98EF1A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC0F4664-A09E-4C5F-BFAC-F87648B3F817}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Vafmusic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F6DAF6-F6DE-4A6E-8862-D87E8C98EF1A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DC0F4664-A09E-4C5F-BFAC-F87648B3F817}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287375
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298567
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\SOFTWARE\e53ddd8b268e514
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\Software\InternetHelper1.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DC51A4C-3002-4265-846B-EDD3176DE2B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F046B65-B50B-4C42-A2CE-8B1880EEF0F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F836C4C-BF9F-48E9-BADF-8CFEF5113711}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C71389E-56D2-49B9-B2D7-3A87FA1AEF70}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF2C420-C24E-416F-8E5C-1A80AC802DC4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8370DED3-636E-42D7-A3DE-8F888DCA6785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB095E57-ABD5-40CD-9DF7-736803FF9431}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E15FF51C-E132-4837-9F69-331C1FF47772}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{61F6DAF6-F6DE-4A6E-8862-D87E8C98EF1A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DC0F4664-A09E-4C5F-BFAC-F87648B3F817}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V31 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\Software\MixiDJ_V31
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Vafmusic
Key Deleted : HKLM\Software\WhiteSmoke_B
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6C3BC03F-D7B9-43AC-8931-C242E3CAE971}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{988919FF-0CD8-4D0C-BC7E-60D55A49EB64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298567&octid=CT3298567&SearchSource=61&CUI=UN15840909632064914&UM=2&UP=SPB5CBD1D8-EC0E-4137-9B9B-114E68AFEFA2 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60526 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://www.inbox.com/homepage.aspx?tbid=80110&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={26F9B030-D766-11E2-BFDC-001E3397F77C} --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\prefs.js

C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\user.js ... Deleted !

Deleted : user_pref("CT3247201.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3247201.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3247201.1000234.TWC_TMP_city", "CLEVELAND");
Deleted : user_pref("CT3247201.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3247201.1000234.TWC_locId", "USOH0195");
Deleted : user_pref("CT3247201.1000234.TWC_location", "Cleveland, OH");
Deleted : user_pref("CT3247201.1000234.TWC_region", "US");
Deleted : user_pref("CT3247201.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3247201.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3247201.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"75°F\",\"temperat[...]
Deleted : user_pref("CT3247201.CT3247201ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyNzclMj[...]
Deleted : user_pref("CT3247201.CT3247201current_term.enc", "");
Deleted : user_pref("CT3247201.CT3247201sdate.enc", "MTk=");
Deleted : user_pref("CT3247201.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3247201.FirstTime", "true");
Deleted : user_pref("CT3247201.FirstTimeFF3", "true");
Deleted : user_pref("CT3247201.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Deleted : user_pref("CT3247201.UserID", "UN35843199325358743");
Deleted : user_pref("CT3247201.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3247201.autoDisableScopes", 0);
Deleted : user_pref("CT3247201.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3247201.defaultSearch", "true");
Deleted : user_pref("CT3247201.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3247201.enableAlerts", "always");
Deleted : user_pref("CT3247201.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3247201.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3247201.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3247201.fixPageNotFoundError", "true");
Deleted : user_pref("CT3247201.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3247201.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3247201.fixUrls", true);
Deleted : user_pref("CT3247201.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Deleted : user_pref("CT3247201.installId", "air8E46.exe");
Deleted : user_pref("CT3247201.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3247201.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3247201.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3247201.isNewTabEnabled", true);
Deleted : user_pref("CT3247201.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3247201.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3247201.keyword", true);
Deleted : user_pref("CT3247201.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT3247201.lastVersion", "10.15.0.562");
Deleted : user_pref("CT3247201.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3247201.migrateAppsAndComponents", true);
Deleted : user_pref("CT3247201.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fstart.sweetpacks[...]
Deleted : user_pref("CT3247201.openThankYouPage", "false");
Deleted : user_pref("CT3247201.openUninstallPage", "true");
Deleted : user_pref("CT3247201.search.searchAppId", "10000002");
Deleted : user_pref("CT3247201.search.searchCount", "0");
Deleted : user_pref("CT3247201.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3247201.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3247201.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3247201.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3247201.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3247201.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363654260817");
Deleted : user_pref("CT3247201.serviceLayer_services_appTracking_lastUpdate", "1361845312253");
Deleted : user_pref("CT3247201.serviceLayer_services_appsMetadata_lastUpdate", "1364149162277");
Deleted : user_pref("CT3247201.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363654260951");
Deleted : user_pref("CT3247201.serviceLayer_services_location_lastUpdate", "1364149162576");
Deleted : user_pref("CT3247201.serviceLayer_services_login_10.10.27.6_lastUpdate", "1362696017377");
Deleted : user_pref("CT3247201.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364149162283");
Deleted : user_pref("CT3247201.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363654261033");
Deleted : user_pref("CT3247201.serviceLayer_services_searchAPI_lastUpdate", "1364149162665");
Deleted : user_pref("CT3247201.serviceLayer_services_serviceMap_lastUpdate", "1364149161623");
Deleted : user_pref("CT3247201.serviceLayer_services_setupAPI_lastUpdate", "1364149162994");
Deleted : user_pref("CT3247201.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363654260824");
Deleted : user_pref("CT3247201.serviceLayer_services_toolbarSettings_lastUpdate", "1364149162724");
Deleted : user_pref("CT3247201.serviceLayer_services_translation_lastUpdate", "1364149162907");
Deleted : user_pref("CT3247201.settingsINI", true);
Deleted : user_pref("CT3247201.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3247201.showToolbarPermission", "false");
Deleted : user_pref("CT3247201.smartbar.CTID", "CT3247201");
Deleted : user_pref("CT3247201.smartbar.Uninstall", "0");
Deleted : user_pref("CT3247201.smartbar.homepage", true);
Deleted : user_pref("CT3247201.smartbar.toolbarName", "InternetHelper1.5 ");
Deleted : user_pref("CT3247201.toolbarBornServerTime", "22-1-2013");
Deleted : user_pref("CT3247201.toolbarCurrentServerTime", "24-3-2013");
Deleted : user_pref("CT3247201.toolbarLoginClientTime", "Wed May 08 2013 20:25:33 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3247201.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT3247201_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3279141.FF19Solved", "true");
Deleted : user_pref("CT3279141.UserID", "UN34598522271153362");
Deleted : user_pref("CT3279141.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3279141.autoDisableScopes", 0);
Deleted : user_pref("CT3279141.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3279141.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3279141.installDate", "3/3/2013 15:33:44");
Deleted : user_pref("CT3279141.keyword", "true");
Deleted : user_pref("CT3287375.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3287375.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3287375.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3287375.FF19Solved", "true");
Deleted : user_pref("CT3287375.FirstTime", "true");
Deleted : user_pref("CT3287375.FirstTimeFF3", "true");
Deleted : user_pref("CT3287375.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3287375.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3287375.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3287375.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3287375.SF_USER_ID.enc", "Y2lkXzE5NjIwMTMyMjM2NDc0MjQzNDI4");
Deleted : user_pref("CT3287375.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3287375.UserID", "UN27432806631600415");
Deleted : user_pref("CT3287375.YTbyClickFavorites.enc", "W10=");
Deleted : user_pref("CT3287375.YTbyClickRecent.enc", "W10=");
Deleted : user_pref("CT3287375.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3287375.autoDisableScopes", 0);
Deleted : user_pref("CT3287375.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3287375.cbfirsttime.enc", "V2VkIE1heSAyOSAyMDEzIDIwOjAxOjEyIEdNVC0wNTAwIChDZW50cmFsIERh[...]
Deleted : user_pref("CT3287375.defaultSearch", "true");
Deleted : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3287375.enableAlerts", "true");
Deleted : user_pref("CT3287375.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3287375.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3287375.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3287375.fixPageNotFoundError", "true");
Deleted : user_pref("CT3287375.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3287375.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3287375.fixUrls", true);
Deleted : user_pref("CT3287375.installDate", "24/4/2013 10:19:59");
Deleted : user_pref("CT3287375.installId", "stub.exe");
Deleted : user_pref("CT3287375.installSessionId", "{9CE3E5C0-539A-45D2-9B16-91B4DBFB8C7A}");
Deleted : user_pref("CT3287375.installSp", "TRUE");
Deleted : user_pref("CT3287375.installType", "conduitnsisintegration");
Deleted : user_pref("CT3287375.installUsage", "2013-05-30T04:00:43.6912615+03:00");
Deleted : user_pref("CT3287375.installUsageEarly", "2013-05-30T04:00:25.4566531+03:00");
Deleted : user_pref("CT3287375.installerVersion", "1.4.1.3");
Deleted : user_pref("CT3287375.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3287375.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3287375.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3287375.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3287375.keyword", "true");
Deleted : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3287375.lastVersion", "10.15.2.23");
Deleted : user_pref("CT3287375.mam_gk_appStateReportTime.enc", "MTM3MjE2OTUwODYxMQ==");
Deleted : user_pref("CT3287375.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3287375.mam_gk_appState_PiclickV2.enc", "b24=");
Deleted : user_pref("CT3287375.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3287375.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3287375.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3287375.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
Deleted : user_pref("CT3287375.mam_gk_currentBadgeValue.enc", "MQ==");
Deleted : user_pref("CT3287375.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3287375.mam_gk_eventsCache.enc", "eyI4NzZlMWM4Yi1lZTRhLTRlZTctYWJkNC1iZDM4MGYwNDgwMjYiO[...]
Deleted : user_pref("CT3287375.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3287375.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT3287375.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3287375.mam_gk_lastLoginTime.enc", "MTM3MjE2OTUwNTM2OA==");
Deleted : user_pref("CT3287375.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3287375.mam_gk_newApps.enc", "W3siaWQiOiJEaXNjb3ZlciIsIm5hbWUiOiJEaXNjb3ZlciIsImRlc2Nya[...]
Deleted : user_pref("CT3287375.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3287375.mam_gk_settings1.6.0.99.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVy[...]
Deleted : user_pref("CT3287375.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3287375.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3287375.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3287375.mam_gk_userId.enc", "ZTQ1ZGYxOTMtZTAxNi00NmU2LWJjZjEtZWEwNjcxZTlmYTA2");
Deleted : user_pref("CT3287375.migrateAppsAndComponents", true);
Deleted : user_pref("CT3287375.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3287375.openThankYouPage", "false");
Deleted : user_pref("CT3287375.openUninstallPage", "true");
Deleted : user_pref("CT3287375.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3287375.revertSettingsEnabled", "false");
Deleted : user_pref("CT3287375.search.searchAppId", "10000002");
Deleted : user_pref("CT3287375.search.searchCount", "0");
Deleted : user_pref("CT3287375.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3287375.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3287375.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3287375.searchRevert", "false");
Deleted : user_pref("CT3287375.searchUserMode", "2");
Deleted : user_pref("CT3287375.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3287375.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3287375.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369875647049");
Deleted : user_pref("CT3287375.serviceLayer_services_appsMetadata_lastUpdate", "1369875642277");
Deleted : user_pref("CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369875641808");
Deleted : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369875623[...]
Deleted : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369875641149")[...]
Deleted : user_pref("CT3287375.serviceLayer_services_location_lastUpdate", "1369875624943");
Deleted : user_pref("CT3287375.serviceLayer_services_login_10.15.2.23_lastUpdate", "1369875630821");
Deleted : user_pref("CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369875641904");
Deleted : user_pref("CT3287375.serviceLayer_services_searchAPI_lastUpdate", "1369875625092");
Deleted : user_pref("CT3287375.serviceLayer_services_serviceMap_lastUpdate", "1369875616224");
Deleted : user_pref("CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369875641733");
Deleted : user_pref("CT3287375.serviceLayer_services_toolbarSettings_lastUpdate", "1369875625160");
Deleted : user_pref("CT3287375.serviceLayer_services_translation_lastUpdate", "1369875642255");
Deleted : user_pref("CT3287375.settingsINI", true);
Deleted : user_pref("CT3287375.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3287375.showToolbarPermission", "false");
Deleted : user_pref("CT3287375.smartbar.CTID", "CT3287375");
Deleted : user_pref("CT3287375.smartbar.Uninstall", "0");
Deleted : user_pref("CT3287375.smartbar.homepage", "true");
Deleted : user_pref("CT3287375.smartbar.toolbarName", "Vafmusic ");
Deleted : user_pref("CT3287375.startPage", "true");
Deleted : user_pref("CT3287375.toolbarBornServerTime", "30-5-2013");
Deleted : user_pref("CT3287375.toolbarCurrentServerTime", "30-5-2013");
Deleted : user_pref("CT3287375.toolbarLoginClientTime", "Wed May 29 2013 20:00:30 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3287375.versionFromInstaller", "10.15.2.23");
Deleted : user_pref("CT3287375_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3298567.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3298567.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3298567.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3298567.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3298567.FF19Solved", "true");
Deleted : user_pref("CT3298567.FirstTime", "true");
Deleted : user_pref("CT3298567.FirstTimeFF3", "true");
Deleted : user_pref("CT3298567.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...]
Deleted : user_pref("CT3298567.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3298567.UserID", "UN29008383742332025");
Deleted : user_pref("CT3298567.YTbyClickFavorites.enc", "W10=");
Deleted : user_pref("CT3298567.YTbyClickRecent.enc", "W10=");
Deleted : user_pref("CT3298567.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3298567.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3298567.defaultSearch", "true");
Deleted : user_pref("CT3298567.embeddedsData", "[{\"appId\":\"130110228079688309\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3298567.enableAlerts", "true");
Deleted : user_pref("CT3298567.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3298567.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3298567.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3298567.fixPageNotFoundError", "true");
Deleted : user_pref("CT3298567.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3298567.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3298567.fixUrls", true);
Deleted : user_pref("CT3298567.fullUserID", "UN29008383742332025.IN.20130617110504");
Deleted : user_pref("CT3298567.installDate", "17/06/2013 11:05:08");
Deleted : user_pref("CT3298567.installId", "cid119");
Deleted : user_pref("CT3298567.installSessionId", "{6160305F-F604-4422-888D-D154ADCD7E49}");
Deleted : user_pref("CT3298567.installSp", "TRUE");
Deleted : user_pref("CT3298567.installType", "conduitnsisintegration");
Deleted : user_pref("CT3298567.installUsage", "2013-06-20T06:36:55.4410689+03:00");
Deleted : user_pref("CT3298567.installUsageEarly", "2013-06-20T06:36:44.362873+03:00");
Deleted : user_pref("CT3298567.installerVersion", "1.4.3.0");
Deleted : user_pref("CT3298567.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3298567.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3298567.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3298567.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3298567.keyword", "true");
Deleted : user_pref("CT3298567.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3298567.lastVersion", "10.16.1.21");
Deleted : user_pref("CT3298567.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3298567.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkRpc2NvdmVyIiwiY3J[...]
Deleted : user_pref("CT3298567.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3298567.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3298567.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3298567.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3298567.mam_gk_userId.enc", "MDhkNzFiZjYtYzliMi00OWJmLWFhZmMtZmQ2MjdhMGI5YTZl");
Deleted : user_pref("CT3298567.migrateAppsAndComponents", true);
Deleted : user_pref("CT3298567.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3298567.openThankYouPage", "false");
Deleted : user_pref("CT3298567.openUninstallPage", "true");
Deleted : user_pref("CT3298567.originalHomepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.100[...]
Deleted : user_pref("CT3298567.originalSearchAddressUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000[...]
Deleted : user_pref("CT3298567.originalSearchEngine", "Bing");
Deleted : user_pref("CT3298567.revertSettingsEnabled", "false");
Deleted : user_pref("CT3298567.search.searchAppId", "130110228079688309");
Deleted : user_pref("CT3298567.search.searchCount", "0");
Deleted : user_pref("CT3298567.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3298567.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3298567.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3298567.searchRevert", "false");
Deleted : user_pref("CT3298567.searchUserMode", "2");
Deleted : user_pref("CT3298567.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3298567.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3298567.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3298567.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3298567.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1371699417684");
Deleted : user_pref("CT3298567.serviceLayer_services_appsMetadata_lastUpdate", "1371699417244");
Deleted : user_pref("CT3298567.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1371699416762");
Deleted : user_pref("CT3298567.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1371699407[...]
Deleted : user_pref("CT3298567.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1371699418482")[...]
Deleted : user_pref("CT3298567.serviceLayer_services_location_lastUpdate", "1371699408955");
Deleted : user_pref("CT3298567.serviceLayer_services_login_10.16.1.21_lastUpdate", "1371699417788");
Deleted : user_pref("CT3298567.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1371699417044");
Deleted : user_pref("CT3298567.serviceLayer_services_searchAPI_lastUpdate", "1371699417329");
Deleted : user_pref("CT3298567.serviceLayer_services_serviceMap_lastUpdate", "1371699389783");
Deleted : user_pref("CT3298567.serviceLayer_services_toolbarContextMenu_lastUpdate", "1371699416523");
Deleted : user_pref("CT3298567.serviceLayer_services_toolbarSettings_lastUpdate", "1371699408975");
Deleted : user_pref("CT3298567.serviceLayer_services_translation_lastUpdate", "1371699417215");
Deleted : user_pref("CT3298567.settingsINI", true);
Deleted : user_pref("CT3298567.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3298567.showToolbarPermission", "false");
Deleted : user_pref("CT3298567.smartbar.CTID", "CT3298567");
Deleted : user_pref("CT3298567.smartbar.Uninstall", "0");
Deleted : user_pref("CT3298567.smartbar.homepage", "true");
Deleted : user_pref("CT3298567.smartbar.toolbarName", "MixiDJ V31 ");
Deleted : user_pref("CT3298567.startPage", "true");
Deleted : user_pref("CT3298567.toolbarBornServerTime", "20-6-2013");
Deleted : user_pref("CT3298567.toolbarCurrentServerTime", "20-6-2013");
Deleted : user_pref("CT3298567.toolbarLoginClientTime", "Wed Jun 19 2013 22:36:57 GMT-0500 (Central Daylight T[...]
Deleted : user_pref("CT3298567.versionFromInstaller", "10.16.1.21");
Deleted : user_pref("CT3298567_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298567&octid=CT329856[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V31 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298567");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V31 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&CUI[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298567&octid=CT3298567&Sea[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=115932&tt=040912_ccp_3712_4");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "25");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "718A429A941FC86858780D841E73088D");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "ee316d9e000000000000001e3397f77c");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15593");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1218:58:45");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"70\",\"lastVrsn\":\"70\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1218:58:45");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115932&tt=040912_ccp_3712_4");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "ee316d9e000000000000001e3397f77c");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "ee316d9e000000000000001e3397f77c");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15440");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111803&tt=3212_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1218:58:45");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_25.0.1364.172");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "TV");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "");
Deleted : user_pref("extensions.asktb.crumb", "2013.03.18+17.48.32-toolbar011iad-US-Q2xhcmtzZGFsZSxNUyxVbml0ZW[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "OSJ000YYUS");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USMS0067");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Deleted : user_pref("extensions.asktb.ff19-config-first-run", "true");
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "C3BF27E3-29D4-4682-AFBD-6771CDB6534C");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "upd");
Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1372169459855");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1371699429081");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Clarksdale,MS,United States");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "100000031");
Deleted : user_pref("extensions.asktb.oldVersion", "5.15.23.36191");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "20");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "BDE28182-44B1-4C6D-B9D0-A4A93A2F2A34");
Deleted : user_pref("extensions.asktb.search-history-queries", "facebook||facebook login");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "4/25/2013 12:38:37 PM");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.23.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.23.36191");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.hpFFXOld", "hxxp://search.conduit.com/?ctid=CT3298567&octid=CT3298567&Se[...]
Deleted : user_pref("extensions.delta.id", "ee316d9e000000000000001e3397f77c");
Deleted : user_pref("extensions.delta.instlDay", "15876");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.kwURLOld", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&Sea[...]
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.522:40:04");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.515:36:46");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=120518&tt=180613_ndt2&tsp=4919");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Deleted : user_pref("extensions.enabledAddons", "addon%40defaulttab.com:1.4.4,plugin%40getwebcake.com:1.00.01,[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298567");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN274328066[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298567");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298567");
Deleted : user_pref("smartbar.machineId", "3NCEUYSGF8L3IBUL9L5OTVM+1YUQGR6+4CDKP5KR2KL6JMJGGIKOBRLLDLYZPYYQTKY[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Deleted : user_pref("smartbar.originalSearchEngine", "InternetHelper1.5 Customized Web Search");
Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "false");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT32[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{26F9B030-D766-11E2-BFDC-001E3397F77C}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1");
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_temp_referer", "hxxp://search.condu[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2365] : homepage = "hxxp://search.conduit.com/?CUI=UN10005781417111745&ctid=CT3276334&SearchSource=48",

*************************

AdwCleaner[S1].txt - [79708 octets] - [08/07/2013 22:53:18]

########## EOF - C:\AdwCleaner[S1].txt - [79769 octets] ##########
  • 0

#4
gringo_pr
Posted 10 July 2013 - 11:10 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello betjunk21

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
betjunk21
Posted 10 July 2013 - 03:39 PM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Still having the error messages at start up and the media player update adds are still popping up. I didn't run the junk remover tool yet because of the question it asked during the first part of the program. I had the question posted in my last post. If you want me to run that let me know. Here is the log requested.

Thanks,
betjunk21

ComboFix 13-07-09.01 - Betty 07/10/2013 14:08:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1673 [GMT -5:00]
Running from: c:\users\Betty\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2a2c2720365f292b_c
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\muzapp.exe
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2013-06-10 to 2013-07-10 )))))))))))))))))))))))))))))))
.
.
2013-07-10 19:20 . 2013-07-10 19:21 -------- d-----w- c:\users\Betty\AppData\Local\temp
2013-07-10 19:20 . 2013-07-10 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-10 13:21 . 2013-07-10 13:21 -------- d-----w- c:\windows\ERUNT
2013-07-09 20:45 . 2013-07-09 20:45 -------- d-----w- c:\program files\CCleaner
2013-07-09 03:53 . 2013-07-09 03:53 231 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 03:14 . 2013-07-09 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-09 03:14 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-07 13:10 . 2013-07-07 13:11 -------- d-----w- c:\program files\LyricsSpeaker
2013-07-02 01:12 . 2013-07-02 01:12 -------- d-----w- c:\program files\iPod(7)
2013-07-02 01:12 . 2013-07-02 01:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(27)
2013-06-26 15:49 . 2013-06-26 15:49 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-25 21:42 . 2013-06-25 21:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 14:00 . 2013-06-25 14:00 -------- d-----w- c:\users\Betty\AppData\Roaming\RealNetworks
2013-06-25 13:59 . 2013-06-25 13:59 -------- d-----w- c:\program files\RealNetworks
2013-06-25 13:59 . 2013-06-25 13:59 -------- d-----w- c:\programdata\RealNetworks
2013-06-20 21:50 . 2013-06-20 21:50 -------- d-----w- c:\programdata\WindowsSearch
2013-06-17 16:04 . 2013-06-17 16:04 -------- d-----w- c:\users\Betty\AppData\Roaming\Driver Pro
2013-06-17 16:04 . 2013-06-17 16:04 -------- d-----w- c:\program files\Driver Pro
2013-06-17 15:58 . 2013-06-17 15:58 -------- d-----w- c:\program files\Uninstaller
2013-06-17 15:54 . 2013-06-17 15:55 -------- d-----w- c:\windows\system32\jmdp
2013-06-17 15:54 . 2013-06-17 15:54 -------- d-----w- c:\windows\system32\ARFC
2013-06-17 15:54 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-17 15:54 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-17 15:54 . 2013-06-17 15:54 -------- d-----w- c:\program files\Uniblue
2013-06-14 15:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-14 15:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-14 15:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-14 15:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-14 15:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-14 15:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-14 15:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-14 15:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-14 15:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-14 15:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-14 15:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 03:12 . 2013-06-12 03:12 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:35 . 2013-05-22 17:29 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:35 . 2013-05-04 02:55 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:35 . 2013-05-01 23:24 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-25 21:41 . 2013-01-18 01:43 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 21:41 . 2011-11-18 03:34 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-25 13:56 . 2009-05-22 02:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-25 13:56 . 2008-03-26 07:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-12 03:12 . 2013-03-07 18:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 03:12 . 2013-03-07 18:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-05-22 17:29 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-04 02:55 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-01 23:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-05-01 23:24 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-05-04 02:55 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-05-04 02:55 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-05-04 02:55 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 17:58 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 17:58 37376 ----a-w- c:\windows\system32\cdd.dll
2010-07-22 00:12 . 2013-07-09 16:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{15467C9F-3784-4109-89C9-6ED7100B96B8}]
2013-06-24 09:00 185856 ----a-w- c:\program files\LyricsSpeaker\116.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Facebook Update"="c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-24 138096]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-10-30 340512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-06-25 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Betty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk]
path=c:\users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
backup=c:\windows\pss\tcbhn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-22 00:12 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 19:59 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-06-25 13:57 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:47 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 03:12]
.
2013-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000Core.job
- c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24 00:46]
.
2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000UA.job
- c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24 00:46]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 17:32]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 17:32]
.
2013-07-09 c:\windows\Tasks\LyricsSpeaker Update.job
- c:\program files\LyricsSpeaker\LyricsUpd.exe [2013-06-24 09:00]
.
2013-07-09 c:\windows\Tasks\spmonitor.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-06-17 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\
FF - ExtSQL: 2013-05-22 12:29; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-25 08:59; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-07 08:10; [email protected]; c:\program files\LyricsSpeaker\116.xpi
FF - ExtSQL: !HIDDEN! 2010-08-02 13:26; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-hpqSRMon - (no file)
HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Google Update - c:\users\Betty\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-RockMelt Update - c:\users\Betty\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-DnsBasic - c:\program files\DnsBasic\uninstall.exe
AddRemove-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1 - c:\program files\Updater By SweetPacks\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-10 14:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-07-10 14:30:13
ComboFix-quarantined-files.txt 2013-07-10 19:30
.
Pre-Run: 166,928,084,992 bytes free
Post-Run: 167,051,485,184 bytes free
.
- - End Of File - - 5C7F17D856FB1853555414219CB2CD07
5B5E648D12FCADC244C1EC30318E1EB9
  • 0

#6
gringo_pr
Posted 10 July 2013 - 07:42 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello betjunk21

Sorry - Yes the message from JRT can be removed

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Betty\AppData\Roaming\Driver Pro
c:\program files\Driver Pro
c:\program files\LyricsSpeaker
c:\program files\Uniblue\SpeedUpMyPC

File::
c:\windows\Tasks\spmonitor.job
c:\windows\Tasks\LyricsSpeaker Update.job

Firefox::
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\
FF - ExtSQL: 2013-07-07 08:10; [email protected]; c:\program files\LyricsSpeaker\116.xpi

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
gringo_pr
Posted 10 July 2013 - 07:43 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello betjunk21

Sorry - Yes the message from JRT can be removed

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Betty\AppData\Roaming\Driver Pro
c:\program files\Driver Pro
c:\program files\LyricsSpeaker
c:\program files\Uniblue\SpeedUpMyPC

File::
c:\windows\Tasks\spmonitor.job
c:\windows\Tasks\LyricsSpeaker Update.job

Firefox::
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\
FF - ExtSQL: 2013-07-07 08:10; [email protected]; c:\program files\LyricsSpeaker\116.xpi

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#8
betjunk21
Posted 10 July 2013 - 08:18 PM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No error messages anymore and not video player update pop ups. Computer is running very smooth. Here is the log and THANKS so much.

betjunk21

ComboFix 13-07-09.01 - Betty 07/10/2013 20:58:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1829 [GMT -5:00]
Running from: c:\users\Betty\Desktop\ComboFix.exe
Command switches used :: c:\users\Betty\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\LyricsSpeaker Update.job"
"c:\windows\Tasks\spmonitor.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Driver Pro
c:\program files\Driver Pro\DPLauncher.exe
c:\program files\Driver Pro\DPSchedule.exe
c:\program files\Driver Pro\DPSmartScan.exe
c:\program files\Driver Pro\DPUninstaller.exe
c:\program files\Driver Pro\DriverPro.chm
c:\program files\Driver Pro\DriverPro.exe
c:\program files\Driver Pro\DriverProStart.exe
c:\program files\Driver Pro\English.ini
c:\program files\Driver Pro\file_id.diz
c:\program files\Driver Pro\HomePage.url
c:\program files\Driver Pro\scan.gif
c:\program files\Driver Pro\sqlite3.dll
c:\program files\Driver Pro\unins000.dat
c:\program files\Driver Pro\unins000.exe
c:\program files\LyricsSpeaker
c:\program files\LyricsSpeaker\116.crx
c:\program files\LyricsSpeaker\116.dat
c:\program files\LyricsSpeaker\116.dll
c:\program files\LyricsSpeaker\116.xpi
c:\program files\LyricsSpeaker\chrome.manifest
c:\program files\LyricsSpeaker\LyricsUpd.exe
c:\program files\LyricsSpeaker\sqlite3.dll
c:\program files\LyricsSpeaker\Uninstall.exe
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\SpeedUpMyPC\cwebpage.dll
c:\program files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
c:\program files\Uniblue\SpeedUpMyPC\locale\br\br.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\de\de.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\dk\dk.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\en\en.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\es\es.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\fi.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\fr.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\it\it.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\jp\jp.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\nl.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\no\no.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\ru.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\se\se.dll
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest
c:\program files\Uniblue\SpeedUpMyPC\msvcp90.dll
c:\program files\Uniblue\SpeedUpMyPC\msvcr90.dll
c:\program files\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files\Uniblue\SpeedUpMyPC\spnotifier.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
c:\users\Betty\AppData\Roaming\Driver Pro
c:\users\Betty\AppData\Roaming\Driver Pro\Devices.ini
c:\users\Betty\AppData\Roaming\Driver Pro\Drivers32.db
c:\users\Betty\AppData\Roaming\Driver Pro\Drivers64.db
c:\users\Betty\AppData\Roaming\Driver Pro\PCInfo.ini
c:\users\Betty\AppData\Roaming\Driver Pro\Scan.ini
c:\windows\Tasks\LyricsSpeaker Update.job
c:\windows\Tasks\spmonitor.job
.
.
((((((((((((((((((((((((( Files Created from 2013-06-11 to 2013-07-11 )))))))))))))))))))))))))))))))
.
.
2013-07-11 02:05 . 2013-07-11 02:06 -------- d-----w- c:\users\Betty\AppData\Local\temp
2013-07-11 02:05 . 2013-07-11 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-10 13:21 . 2013-07-10 13:21 -------- d-----w- c:\windows\ERUNT
2013-07-09 20:45 . 2013-07-09 20:45 -------- d-----w- c:\program files\CCleaner
2013-07-09 03:53 . 2013-07-09 03:53 231 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-09 03:14 . 2013-07-09 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-09 03:14 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 01:12 . 2013-07-02 01:12 -------- d-----w- c:\program files\iPod(7)
2013-07-02 01:12 . 2013-07-02 01:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1(27)
2013-06-26 15:49 . 2013-06-26 15:49 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-25 21:42 . 2013-06-25 21:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 14:00 . 2013-06-25 14:00 -------- d-----w- c:\users\Betty\AppData\Roaming\RealNetworks
2013-06-25 13:59 . 2013-06-25 13:59 -------- d-----w- c:\program files\RealNetworks
2013-06-25 13:59 . 2013-06-25 13:59 -------- d-----w- c:\programdata\RealNetworks
2013-06-20 21:50 . 2013-06-20 21:50 -------- d-----w- c:\programdata\WindowsSearch
2013-06-17 15:58 . 2013-06-17 15:58 -------- d-----w- c:\program files\Uninstaller
2013-06-17 15:54 . 2013-06-17 15:55 -------- d-----w- c:\windows\system32\jmdp
2013-06-17 15:54 . 2013-06-17 15:54 -------- d-----w- c:\windows\system32\ARFC
2013-06-17 15:54 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-17 15:54 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-17 15:54 . 2013-07-11 02:05 -------- d-----w- c:\program files\Uniblue
2013-06-14 15:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-14 15:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-14 15:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-14 15:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-14 15:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-14 15:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-14 15:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-14 15:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-14 15:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-14 15:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-14 15:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 03:12 . 2013-06-12 03:12 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 19:35 . 2013-05-22 17:29 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:35 . 2013-05-04 02:55 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:35 . 2013-05-01 23:24 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-25 21:41 . 2013-01-18 01:43 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 21:41 . 2011-11-18 03:34 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-25 13:56 . 2009-05-22 02:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-25 13:56 . 2008-03-26 07:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-12 03:12 . 2013-03-07 18:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 03:12 . 2013-03-07 18:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-05-22 17:29 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-04 02:55 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-01 23:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-05-01 23:24 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-05-04 02:55 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-05-04 02:55 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-05-04 02:55 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 17:58 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 17:58 37376 ----a-w- c:\windows\system32\cdd.dll
2010-07-22 00:12 . 2013-07-09 16:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 04:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Facebook Update"="c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-02-24 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-06-25 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Betty^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk]
path=c:\users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
backup=c:\windows\pss\tcbhn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-22 00:12 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 19:59 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-06-25 13:57 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:47 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 03:12]
.
2013-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000Core.job
- c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24 00:46]
.
2013-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1990609593-3534744734-3468119329-1000UA.job
- c:\users\Betty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-24 00:46]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 17:32]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\yjehn886.default\
FF - ExtSQL: 2013-05-22 12:29; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-25 08:59; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-07 08:10; [email protected]; c:\program files\LyricsSpeaker\116.xpi
FF - ExtSQL: !HIDDEN! 2010-08-02 13:26; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{15467C9F-3784-4109-89C9-6ED7100B96B8} - c:\program files\LyricsSpeaker\116.dll
HKCU-Run-Driver Pro - c:\program files\Driver Pro\DPLauncher.exe
AddRemove-Driver Pro_is1 - c:\program files\Driver Pro\unins000.exe
[email protected] - c:\program files\LyricsSpeaker\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-10 21:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-07-10 21:07:29
ComboFix-quarantined-files.txt 2013-07-11 02:07
ComboFix2.txt 2013-07-10 19:30
.
Pre-Run: 167,071,698,944 bytes free
Post-Run: 167,123,464,192 bytes free
.
- - End Of File - - DF94F46FACA0AB76E278F5C14A923E75
5B5E648D12FCADC244C1EC30318E1EB9
  • 0

#9
gringo_pr
Posted 10 July 2013 - 08:32 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello betjunk21

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#10
betjunk21
Posted 11 July 2013 - 10:44 AM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I had an insurance ad pop up in Firefox that said it was presented by "Less Tabs"

32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
avast! Free Antivirus
Bejeweled
Bejeweled 2 Deluxe 1.1
Bonjour
BufferChm
Camera Assistant Software for Toshiba
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Driver Pro v3.0
DVD MovieFactory for TOSHIBA
eSupportQFolder
F4200
F4200_Help
Facebook Video Calling 1.2.0.287
FlashPlayer
Google Chrome
Google Desktop
Google Drive
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
iCloud
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 25
Java Auto Updater
LessTabs
LyricsSpeaker
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyEmoticons
MyFreeCodec
NetZero Internet Access Installer
Picasa 2
PSSWCORE
QuickBooks Financial Center
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TotalRecipeSearch Toolbar Chrome Extension
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VideoToolkit01
VoiceOver Kit
WebReg
WildTangent Games
Windows Media Encoder 9 Series


Thanks,
betjunk21

Edited by betjunk21, 11 July 2013 - 10:46 AM.

  • 0

Advertisements

#11
gringo_pr
Posted 11 July 2013 - 12:02 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


Adobe Reader X (10.1.7)
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#12
betjunk21
Posted 11 July 2013 - 09:28 PM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I am going to out of town for a couple of days. I will get back with you Sunday. Thanks again for your help.
  • 0

#13
gringo_pr
Posted 12 July 2013 - 07:16 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No problem and I will check on you then


Gringo
  • 0

#14
betjunk21
Posted 14 July 2013 - 09:33 PM

betjunk21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Gringo thanks for your help. I made it back late and now I will be leaving tomorrow and will not be back till Saturday. I would love to check back with you then.
  • 0

#15
gringo_pr
Posted 14 July 2013 - 09:45 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
no problem but if it gets closed just send me a PM



gringo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP