Pop-ups, browser hijacking. [Solved]



#1
sewildman50

Hello,

When using Firefox, pop-ups are occurring frequently, and the search field has been hijacked, as well as the home page. The computer is running noticeably slower.

Any help would be greatly appreciated.

Here's my OTL log:

OTL logfile created on: 7/13/2013 9:48:24 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 31.22% Memory free
4.34 Gb Paging File | 2.74 Gb Available in Paging File | 63.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 106.87 Gb Free Space | 22.95% Space Free | Partition Type: NTFS

Computer Name: SCOTT-D5BDE8847 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/02 18:28:27 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/22 21:23:58 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/23 01:23:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL(2).exe
PRC - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
PRC - [2012/07/19 19:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2011/10/08 00:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/05 20:24:28 | 000,132,936 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/10/05 20:21:56 | 000,288,088 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/08/04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/05/26 19:14:40 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011/05/26 19:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/03/14 13:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/01/04 17:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
PRC - [2011/01/04 17:51:14 | 004,318,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2011/01/04 17:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2010/06/07 16:10:06 | 000,378,088 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2010/06/07 16:10:06 | 000,166,944 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2010/06/07 16:09:06 | 000,382,208 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
PRC - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
PRC - [2009/11/02 17:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
PRC - [2009/01/12 08:25:52 | 000,176,128 | ---- | M] (WelltonWay) -- C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe
PRC - [2008/09/23 22:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2007/10/16 11:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2007/09/06 11:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/04/05 22:03:40 | 001,622,016 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/07/08 10:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2003/12/11 05:50:00 | 000,020,992 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2013/07/02 18:28:27 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/12 18:17:13 | 016,033,160 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/19 19:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
MOD - [2012/01/17 23:23:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2012/01/17 23:23:36 | 000,140,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
MOD - [2012/01/17 23:23:24 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
MOD - [2012/01/17 23:23:21 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2012/01/17 23:23:13 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2012/01/17 23:23:12 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2012/01/17 23:23:11 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2012/01/17 23:23:10 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2012/01/17 23:22:35 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012/01/17 23:22:25 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012/01/17 23:22:18 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f0e9a97ade4529d4caeccd467aa8e7db\Microsoft.VisualC.ni.dll
MOD - [2012/01/17 23:21:30 | 002,508,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
MOD - [2012/01/17 23:21:21 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012/01/17 23:21:16 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012/01/17 23:21:04 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/01/17 23:20:33 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012/01/17 23:10:53 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/17 23:10:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/05 20:24:28 | 000,132,936 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/10/05 20:23:26 | 000,009,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011/10/05 20:21:56 | 000,288,088 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2011/05/26 19:14:40 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2011/04/11 22:57:20 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/04 17:42:24 | 000,158,208 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
MOD - [2010/06/07 13:40:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Rogers Backup Manager\libexpat.dll
MOD - [2009/11/06 13:53:08 | 000,202,752 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\smartscn.dll
MOD - [2009/11/02 17:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 17:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/10/23 15:25:54 | 000,225,280 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\bdfltlib.dll
MOD - [2009/03/29 22:34:30 | 000,280,143 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libidn-11.dll
MOD - [2009/03/27 16:02:24 | 000,332,254 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libssl32.dll
MOD - [2009/03/27 16:02:22 | 001,554,920 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libeay32.dll
MOD - [2009/03/25 11:15:00 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/01/12 08:21:38 | 001,286,144 | ---- | M] () -- C:\Program Files\Devnz\GBPVR\NativeUtilities.dll
MOD - [2009/01/12 08:20:50 | 000,094,208 | ---- | M] () -- C:\Program Files\Devnz\GBPVR\PVRUiPublic.dll
MOD - [2008/09/11 11:48:38 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll
MOD - [2008/05/16 06:18:58 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/05/16 06:18:58 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/13 20:12:03 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/16 11:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/06 11:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2007/08/16 22:40:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/12/04 10:00:00 | 000,172,032 | ---- | M] () -- C:\Program Files\Devnz\GBPVR\ICSharpCode.SharpZipLib.dll
MOD - [2006/07/02 10:32:30 | 000,489,472 | ---- | M] () -- C:\Program Files\Devnz\GBPVR\System.Data.SQLite.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - [2013/07/02 18:28:27 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/22 21:23:58 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/12 18:17:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/21 14:24:12 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2012/01/17 23:37:08 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
SRV - [2011/10/08 00:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/05 20:24:34 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/10/05 20:21:56 | 000,288,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011/05/26 19:14:40 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/05/26 19:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/01/04 17:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2010/06/07 16:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/06/07 16:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2009/11/02 17:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 13:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 13:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/01/12 08:25:52 | 000,176,128 | ---- | M] (WelltonWay) [Auto | Running] -- C:\Program Files\Devnz\GBPVR\GBPVRRecordingService.exe -- (GB-PVR Recording Service)
SRV - [2008/05/19 03:35:50 | 000,356,434 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe -- (jswpsapi)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/16 05:56:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | System | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/01/01 22:56:12 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2011/05/24 19:40:12 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/05/24 19:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/26 11:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 11:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 17:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 17:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 17:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 17:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 15:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/07/22 15:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/06/08 11:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/07/05 15:38:37 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/06/13 08:50:26 | 000,386,784 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:46:07 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/02/12 18:05:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/10/12 04:15:10 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/10/12 04:15:08 | 000,054,144 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/08/08 23:11:40 | 000,102,400 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/05/30 21:54:52 | 000,353,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2005/07/08 17:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 10:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/29 02:26:42 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstapeo.sys -- (MSPANEL)
DRV - [2003/12/15 13:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/12/11 05:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/12/11 05:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/12/11 05:50:00 | 000,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/12/11 05:50:00 | 000,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/12/11 05:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/12/05 05:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/11/11 07:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER)
DRV - [2001/08/17 09:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3286042
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}: "URL" = http://search.condui...5926186777&UM=2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABABD613-3EAE-453C-A656-579BB2863C2A}: "URL" = http://www.google.ca...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 129.107.35.132:3128

========== FireFox ==========

FF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Amazon "
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://ca.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: %7B9ed31f84-c8b3-4926-b950-dff74047ff79%7D:10.16.4.519
FF - prefs.js..extensions.enabledAddons: extension21810%40extension21810.com:0.91.55
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...249015&UM=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/02 18:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/02 18:28:20 | 000,000,000 | ---D | M]

[2012/10/16 15:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions
[2012/10/17 19:34:30 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/06/23 14:54:55 | 000,000,000 | ---D | M] (KeyBar 1.8) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
[2013/06/17 18:48:04 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]
[2013/07/12 21:25:00 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\chrome
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\defaults
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\locale
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\skin
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\chrome\content\extensionCode
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\chrome
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\defaults
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\locale
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\skin
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\chrome\content\extensionCode
[2013/06/17 18:49:55 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\searchplugins\amazon.xml
[2013/06/17 18:52:21 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\searchplugins\conduit.xml
[2013/07/02 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/02 18:28:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2013/05/23 01:40:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.8 Toolbar) - {9ED31F84-C8B3-4926-B950-DFF74047FF79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe ()
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280122240660 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B174FDA-2722-4E57-89FE-B5877626514B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/30 03:40:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/02 18:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/25 10:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2013/06/17 18:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\gegl-0.0
[2013/06/17 18:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2013/06/17 18:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2013/06/17 18:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/06/17 18:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\KeyBar_1.8
[2013/06/17 18:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\KeyBar_1.8
[2013/06/17 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2013/06/17 18:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect
[2013/06/17 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\OtShot
[2013/06/17 18:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2013/06/17 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/06/17 18:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Amazon Browser Bar
[2013/06/17 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013/06/17 18:39:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/06/16 19:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fontconfig
[2013/06/16 19:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.8
[2013/06/16 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gegl-0.2
[2013/06/16 19:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/13 09:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 09:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/12 10:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/09 20:52:19 | 000,122,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\okayest mom.jpg
[2013/07/07 18:50:10 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2013/07/07 18:47:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/07 18:47:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/24 18:58:36 | 000,093,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gymnastics maddie 2.JPG
[2013/06/24 18:58:13 | 000,085,394 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gymnastics.JPG
[2013/06/17 19:38:20 | 000,090,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\6534660-black-pebble-with-engraved-message-love-faith-hope.jpg
[2013/06/17 19:29:15 | 000,007,716 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2013/06/17 19:27:07 | 027,040,363 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beach 2013.xcf
[2013/06/17 19:20:22 | 027,311,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\maddie beach.xcf
[2013/06/17 19:06:56 | 026,991,936 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sunset 2013.xcf
[2013/06/17 18:54:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2013/06/17 18:53:18 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/16 19:04:17 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/16 18:32:57 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{F5001FBD-5353-4B31-85D2-0B28A8746A06}
[2013/06/13 21:45:07 | 000,380,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pink-flower-free-facebook-cover.jpg
[2013/06/13 21:44:39 | 000,238,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\facebook-cover-photo-5.jpg
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/09 20:52:19 | 000,122,497 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\okayest mom.jpg
[2013/06/24 18:55:03 | 000,093,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gymnastics maddie 2.JPG
[2013/06/24 18:53:50 | 000,085,394 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gymnastics.JPG
[2013/06/17 19:38:19 | 000,090,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\6534660-black-pebble-with-engraved-message-love-faith-hope.jpg
[2013/06/17 19:29:15 | 000,007,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
[2013/06/17 19:27:04 | 027,040,363 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beach 2013.xcf
[2013/06/17 19:12:48 | 027,311,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\maddie beach.xcf
[2013/06/17 19:06:54 | 026,991,936 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sunset 2013.xcf
[2013/06/17 18:54:57 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2013/06/17 18:51:27 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/17 18:49:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2013/06/16 19:51:22 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
[2013/06/13 21:45:07 | 000,380,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pink-flower-free-facebook-cover.jpg
[2013/06/13 21:44:35 | 000,238,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\facebook-cover-photo-5.jpg
[2013/05/23 01:26:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/23 01:26:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/23 01:26:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/23 01:26:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/23 01:26:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/30 11:04:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/03/12 12:53:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2013/01/13 08:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/12/15 21:58:32 | 000,027,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/18 18:20:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/10/17 01:51:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2012/10/17 01:51:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2012/01/18 00:38:20 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/09/13 01:51:08 | 000,464,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-73586283-436374069-839522115-500-0.dat
[2011/09/13 01:51:07 | 000,176,414 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/28 23:52:52 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2010/05/26 23:15:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\PUTTY.RND
[2008/10/28 17:08:49 | 000,082,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/08/15 21:50:51 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/07/31 23:30:15 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2008/07/21 00:47:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2008/07/09 23:51:32 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/09 22:44:52 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008/07/03 20:24:43 | 007,118,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2008/07/03 19:48:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Administrator\SI.bin

========== ZeroAccess Check ==========

[2008/08/02 16:18:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/04/13 20:11:53 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/01 16:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2013/01/28 21:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\0T1F0D1F2W1G1I1F1T1Q
[2012/12/29 14:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aimersoft Video Converter Ultimate
[2012/12/29 01:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AnvSoft
[2013/02/04 00:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2013/05/14 12:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2012/10/16 17:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/04/19 00:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/05/26 23:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GPass
[2008/09/01 22:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008/07/28 22:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/04/11 22:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/06/13 01:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PowerChallenge
[2013/06/28 02:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/01/01 23:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rogers Online Protection
[2013/06/17 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect
[2012/12/24 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment
[2010/01/10 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2013/05/19 12:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/10/28 17:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2013/03/22 11:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/29 14:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft Video Converter Ultimate
[2008/10/13 01:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aspyr
[2012/10/20 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/10/20 13:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/10/20 13:36:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/06/17 18:39:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/10/20 13:36:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/10/20 13:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/12/29 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2013/05/19 12:09:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/26 22:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/10/28 17:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/07/11 23:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/08/30 01:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2013/05/23 02:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/07/28 23:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/09 23:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/10/19 01:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/01/17 23:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockstar Games
[2012/01/01 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2013/03/30 10:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2013/06/17 18:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tmp
[2012/10/16 13:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012/10/17 02:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me know if the popups stop after this.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3286042
IE - HKCU\..\URLSearchHook: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}
IE - HKCU\..\SearchScopes\{5E935A6E-304A-4ACE-A9C0-3F7FC8C48199}: "URL" = http://search.condui...5926186777&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 129.107.35.132:3128
FF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI=UN41381812822249015&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledAddons: extension21810%40extension21810.com:0.91.55
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?octid=CT3286042&ctid=CT3286042&SearchSource=2&CUI=UN41381812822249015&UM=2&q="
[2012/10/17 19:34:30 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/06/23 14:54:55 | 000,000,000 | ---D | M] (KeyBar 1.8) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
[2013/06/17 18:48:04 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]
[2013/07/12 21:25:00 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\chrome
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\defaults
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\locale
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\skin
[2013/07/12 21:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\[email protected]\chrome\content\extensionCode
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\chrome
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\defaults
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\locale
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\skin
[2013/07/12 22:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged\[email protected]\chrome\content\extensionCode
O2 - BHO: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.8 Toolbar) - {9ED31F84-C8B3-4926-B950-DFF74047FF79} - C:\Program Files\KeyBar_1.8\prxtbKey0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe ()
[2013/06/25 10:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2013/06/17 18:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\gegl-0.0
[2013/06/17 18:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/06/17 18:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\KeyBar_1.8
[2013/06/17 18:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\KeyBar_1.8
[2013/06/17 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2013/06/17 18:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect
[2013/06/17 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\OtShot
[2013/01/28 21:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\0T1F0D1F2W1G1I1F1T1Q
[2013/06/28 02:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2013/06/17 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
sewildman50

    Member

  • Topic Starter
  • Member
  • 95 posts
Here is the AdwCleaner log. I neglected to save the OTL log after the fix was done. However, my original homepage is restored, as well as the links in my address drop-down list, I am no longer being redirected during internet searches, and there have been no more pop-ups. This is true for the past two days.



# AdwCleaner v2.305 - Logfile created 07/13/2013 at 14:11:37
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - SCOTT-D5BDE8847
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Updater Service for AMZN

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\searchplugins\Conduit.xml
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\Smartbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Amazon Browser Bar
Folder Deleted : C:\Program Files\Amazon Browser Bar

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\KeyBar_1.8
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B78662B-577F-4D86-82C1-3752D2A160E4}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\KeyBar_1.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5BF14EE-FDF8-4439-8E80-A4782E166D27}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D69174DF-47BC-4560-BA69-CAC8D85E1E2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KeyBar_1.8 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B78662B-577F-4D86-82C1-3752D2A160E4}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pfomklso.default\prefs.js


*************************

AdwCleaner[R1].txt - [24422 octets] - [23/05/2013 01:00:36]
AdwCleaner[S1].txt - [24682 octets] - [23/05/2013 01:01:20]
AdwCleaner[S2].txt - [25707 octets] - [13/07/2013 14:11:37]

########## EOF - C:\AdwCleaner[S2].txt - [25768 octets] ##########
  • 0
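A check that could be run after the cleanup logged above, added here as an example and not part of the original posts or of AdwCleaner: it scans the text of a Firefox `prefs.js` for leftover `extensions.crossriderapp<id>` entries like those the log shows deleted, and flags the ones that store script code or point at a remote URL. The sample profile text and its URL are constructed.

```python
import re
from collections import defaultdict

# One prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')
# Namespace seen in the AdwCleaner log: extensions.crossriderapp<id>.
CROSSRIDER_RE = re.compile(r'^extensions\.crossriderapp(\d+)\.')

# Constructed sample modelled on the pref names in the log (values invented).
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.crossriderapp21810.21810.publisher", "Innovative Apps");
user_pref("extensions.crossriderapp21810.21810.pluginsurl", "https://plugins.example.invalid/plugin/");
user_pref("extensions.crossriderapp21810.21810.plugins.plugin_98.code", "(function(){var b=\"cr_\";})();");
user_pref("extensions.update.enabled", true);
'''

def parse_prefs(text):
    """Return {name: raw_value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines do not match and are skipped
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def find_leftovers(prefs):
    """Group leftover Crossrider prefs by app id and flag the risky ones."""
    report = defaultdict(lambda: {"count": 0, "code": [], "urls": []})
    for name, value in prefs.items():
        m = CROSSRIDER_RE.match(name)
        if not m:
            continue
        entry = report[m.group(1)]
        entry["count"] += 1
        if name.endswith(".code"):          # script body stored in a pref
            entry["code"].append(name)
        if re.search(r'https?://', value):  # remote endpoint the add-on contacts
            entry["urls"].append(name)
    return dict(report)

if __name__ == "__main__":
    for app_id, entry in find_leftovers(parse_prefs(SAMPLE_PREFS)).items():
        print(f"crossriderapp{app_id}: {entry['count']} leftover prefs, "
              f"{len(entry['code'])} with code, {len(entry['urls'])} with URLs")
```

An empty report on the real profile's `prefs.js` (read with Firefox closed) means none of these entries survived the cleanup.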

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Grand, I like a nice easy one sometimes :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Run AdwCleaner and press the uninstall button


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0