Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

conduit and other crap [Solved]

Started by odog , Dec 18 2013 02:32 PM

  • This topic is locked This topic is locked

#1
odog
Posted 18 December 2013 - 02:32 PM

odog

    Member

  • Member
  • PipPip
  • 23 posts
Friend brought me a computer that was having issues, slow slow slow internet, at first i thought the network card was bad. Ran linuxmint install disk and network card works fine ... so back to troubleshooting, ran avast and malwarebytes and sophos, cleaned up some crap, still running dog slow ... went into safe mode and ran malwarebytes and WOW, 899 hits for malware, new record ! Cleaned and restarted, now its better but i still think there is something lurking, so i downloaded OTL and ran a scan , Plz help !
  • 0

Advertisements

#2
odog
Posted 18 December 2013 - 02:38 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the otl file, Thanks for any help

Attached Files

  • Attached File  OTL.Txt   64.16KB   148 downloads

  • 0

#3
godawgs
Posted 19 December 2013 - 11:41 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello odog, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file. It should be in the C:\Users\thanhnguyen\Downloads folder.

I have pasted the OTL log into this post. In the future do not attach the logs. Copy and Paste them into your replies. It makes it easier to research them.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The aswMBR log
2. The Extras.txt log



OTL logfile created on: 12/18/2013 12:00:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thanhnguyen\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 71.13% Memory free
3.93 Gb Paging File | 3.45 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 252.30 Gb Free Space | 89.47% Space Free | Partition Type: NTFS

Computer Name: EMACHINES | User Name: thanhnguyen | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/18 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thanhnguyen\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/18 09:30:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/13 15:10:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 18:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/18 09:30:06 | 000,207,904 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/18 09:30:06 | 000,082,744 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/15 15:11:06 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/15 15:11:06 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=mkg029
IE - HKLM\..\URLSearchHook: {53c4024f-5a2e-4f2a-b33e-e8784d730938} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=24-02-2013
&tb_mrud=03-03-2013
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes,DefaultScope = {C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=66043
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=24-02-2013
&tb_mrud=03-03-2013
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS460
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}: "URL" = http://search.condui...9092610823&UM=2
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{D4820E3D-028A-4D15-AF7F-0A2AB1E5AC0C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://vn.search.yah...erms}&fr=mkg028
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{F7743156-08A6-EFA8-2B22-C14CE44F71D8}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3287811.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\thanhnguyen\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/18 09:30:06 | 000,000,000 | ---D | M]

[2011/12/02 21:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Extensions
[2013/12/17 06:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions
[2013/01/19 17:03:31 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2013/12/01 15:52:28 | 000,000,000 | ---D | M] (DictAddon) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]
[2013/12/12 13:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\trash
[2011/12/02 22:14:47 | 000,001,945 | ---- | M] () -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\searchplugins\bing-zugo.xml
[2013/12/15 08:22:40 | 000,001,102 | ---- | M] () -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\searchplugins\visualbee-v12-customized-web-search.xml
[2013/12/18 10:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2013/02/22 16:53:38 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {53c4024f-5a2e-4f2a-b33e-e8784d730938} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\Toolbar\WebBrowser: (no name) - {53C4024F-5A2E-4F2A-B33E-E8784D730938} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\82319c5c-9ac2-481a-8ee9-3d441ef0e6fc.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000..\Run: [BackgroundContainer] C:\Users\thanhnguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.205 192.168.1.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C43E0BB9-072C-4878-897E-F95BD2D00B47}: DhcpNameServer = 192.168.1.205 192.168.1.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/18 09:30:10 | 000,082,744 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2013/12/17 11:35:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/12/17 11:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/17 09:25:26 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2013/12/17 08:54:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/17 08:22:44 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/12/16 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Programs
[2013/12/16 08:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/16 08:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/12/16 08:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/16 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/16 08:10:05 | 000,000,000 | ---D | C] -- C:\OLIVER
[2013/12/15 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\yahoo!
[2013/12/13 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Apps
[2013/12/13 18:11:45 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Deployment
[2013/12/13 15:10:20 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 17:36:57 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Macromedia
[2013/12/05 15:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/05 15:09:51 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\NativeMessaging
[2013/12/05 15:09:33 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Conduit
[2013/12/05 13:57:59 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\CRE
[2013/12/05 13:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/05 13:57:41 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\SearchProtect
[2013/12/05 13:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/12/05 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\emaze
[2013/12/01 15:52:33 | 000,000,000 | ---D | C] -- C:\temp
[2013/12/01 15:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/01 15:52:26 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\DictAddon
[2013/12/01 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\SwvUpdater
[2013/11/22 18:39:20 | 000,000,000 | ---D | C] -- C:\avast! sandbox

========== Files - Modified Within 30 Days ==========

[2013/12/18 11:02:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/18 11:02:42 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 10:33:31 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 10:33:31 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 10:10:26 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/18 09:32:22 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/18 09:30:15 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/18 09:30:06 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/18 09:30:06 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/18 09:30:06 | 000,082,744 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/18 09:30:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/18 09:26:24 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/17 12:27:31 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 08:57:19 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/17 07:09:54 | 000,001,412 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:05 | 000,778,150 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/16 08:12:05 | 000,659,580 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/16 08:12:05 | 000,120,508 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/15 06:38:38 | 000,001,363 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Player.lnk
[2013/12/15 06:38:38 | 000,001,182 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Studio 2013.lnk
[2013/12/13 15:10:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/13 15:10:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 15:10:20 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 15:17:51 | 000,771,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/12/05 15:10:42 | 000,000,000 | ---- | M] () -- C:\end

========== Files Created - No Company Name ==========

[2013/12/18 09:31:15 | 000,343,552 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/17 11:35:09 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 07:09:54 | 000,001,412 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:41 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/05 15:17:49 | 000,771,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/12/05 13:46:59 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/09 21:43:30 | 000,000,646 | ---- | C] () -- C:\Users\thanhnguyen\Minesweeper.lnk
[2012/01/17 22:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/17 22:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/17 22:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/08/29 21:21:15 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/08/29 20:28:32 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/02 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\.purple
[2013/12/17 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\24x7 Help
[2013/11/15 15:56:01 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\AVAST Software
[2013/12/18 10:30:51 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\DictAddon
[2011/12/23 14:32:17 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\Leadertech
[2011/12/02 21:47:28 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\OEM
[2013/12/05 13:57:41 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\SearchProtect
[2012/04/02 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
  • 0

#4
odog
Posted 24 December 2013 - 10:17 AM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks so much for the feedback, with the holidays approaching I will be working on this beast to get the files you request, thanks again.
  • 0

#5
odog
Posted 24 December 2013 - 10:44 AM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok godawgs, ran the aswmbr and here is the file, followed by the Extras.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-24 08:32:33
-----------------------------
08:32:33.770 OS Version: Windows x64 6.1.7600
08:32:33.770 Number of processors: 2 586 0x170A
08:32:33.770 ComputerName: EMACHINES UserName:
08:32:34.690 Initialize success
08:32:38.185 AVAST engine defs: 13121800
08:33:05.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:33:05.375 Disk 0 Vendor: Hitachi_HDS721032CLA362 JPFOA3EA Size: 305245MB BusType: 3
08:33:05.500 Disk 0 MBR read successfully
08:33:05.500 Disk 0 MBR scan
08:33:05.516 Disk 0 unknown MBR code
08:33:05.516 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
08:33:05.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
08:33:05.547 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288759 MB offset 33761280
08:33:05.641 Disk 0 scanning C:\windows\system32\drivers
08:33:12.489 Service scanning
08:33:33.331 Modules scanning
08:33:33.331 Disk 0 trace - called modules:
08:33:33.362 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
08:33:33.362 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002753060]
08:33:33.377 3 CLASSPNP.SYS[fffff8800180243f] -> nt!IofCallDriver -> [0xfffffa80022ca520]
08:33:33.377 5 ACPI.sys[fffff88000f8e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800230c060]
08:33:34.298 AVAST engine scan C:\windows
08:33:36.497 AVAST engine scan C:\windows\system32
08:35:27.289 AVAST engine scan C:\windows\system32\drivers
08:35:36.243 AVAST engine scan C:\Users\thanhnguyen
08:37:11.825 AVAST engine scan C:\ProgramData
08:38:41.875 Scan finished successfully
08:38:59.690 Disk 0 MBR has been saved successfully to "C:\Users\thanhnguyen\Desktop\MBR.dat"
08:38:59.706 The log file has been saved successfully to "C:\Users\thanhnguyen\Desktop\aswMBR.txt"

Extras log,

OTL Extras logfile created on: 12/18/2013 11:13:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thanhnguyen\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.34% Memory free
3.93 Gb Paging File | 3.11 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 252.30 Gb Free Space | 89.47% Space Free | Partition Type: NTFS

Computer Name: EMACHINES | User Name: thanhnguyen | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37027095-D481-4B4D-9488-C28D5D1706B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61194830-003E-400D-82C6-DB3F234ECCD0}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84D3F720-2CB3-43C1-AB52-EFC9DE6AA178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAA9DA42-3443-40D7-91CE-E36076D7F38F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0057F9E0-1757-413E-8D2B-8338B6B6B248}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75712289-501A-4C79-8597-8A5C320CD92E}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FB5CAB66-605E-4D70-8614-A08B382D695F}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{FF12FAD7-907C-46A9-B753-350099A3C57D}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B47797F6-4C28-3F32-83DC-2784335CA487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{b5447e12-ce50-45bc-8cc7-e54c099ba41f}" = Nero 9 Essentials
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Pidgin" = Pidgin
"SMPlayer" = SMPlayer 0.6.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078910" = Bejeweled 2 Deluxe
"WT078930" = Zuma Deluxe
"WT078954" = Blackhawk Striker 2
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079066" = Jewel Quest Solitaire 3
"WT079098" = Monopoly
"WT079102" = Mystery P.I. - Lost in Los Angeles
"WT079106" = Penguins!
"WT079110" = Plants vs. Zombies
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079150" = Scrabble Plus
"WT079154" = The Price is Right
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079316" = Escape Rosecliff Island
"WT079418" = Virtual Families
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for thanhnguyen
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for thanhnguyen

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 12/18/2013 3:03:01 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2013 3:03:01 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2013 3:03:04 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2013 3:03:04 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2013 3:03:04 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/18/2013 3:03:13 PM | Computer Name = emachines | Source = DCOM | ID = 10005
Description =

Error - 12/18/2013 3:03:19 PM | Computer Name = emachines | Source = DCOM | ID = 10005
Description =

Error - 12/18/2013 3:03:26 PM | Computer Name = emachines | Source = DCOM | ID = 10005
Description =

Error - 12/18/2013 3:03:26 PM | Computer Name = emachines | Source = DCOM | ID = 10005
Description =

Error - 12/18/2013 3:03:27 PM | Computer Name = emachines | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068


< End of report >

Thanks again for your help !
  • 0

#6
godawgs
Posted 26 December 2013 - 02:40 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi odog,

Thanks for the log. Sorry for the delay. I kinda got swamped with holiday functions. Hope yours was great.
The aswMBR scan is clean. The OTL scan shows mostly adware, crapware Browser Helper Objects an tooolbars. I don't see anything major
You have Window sidebar running which we will discuss. The User Account Control has been turned off. If you did this on purpose you can turn it back off but I have turned it on. I would recommend that you leave this extra protection on but the choice is yours.
You have Avast antivirus. Avast doesn't include firewall protection and the Windows firewall is turned off. We will turn it back on.


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ScorpionSaver
Sophos Virus Removal Tool

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\URLSearchHook: {53c4024f-5a2e-4f2a-b33e-e8784d730938} - No CLSID value found
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=24-02-2013
&tb_mrud=03-03-2013
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes,DefaultScope = {C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=66043
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=24-02-2013
&tb_mrud=03-03-2013
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}: "URL" = http://search.condui...9092610823&UM=2
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://vn.search.yah...erms}&fr=mkg028
FF - prefs.js..CT3287811.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.12 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
[2013/01/19 17:03:31 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2013/12/01 15:52:28 | 000,000,000 | ---D | M] (DictAddon) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]
[2013/12/12 13:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\trash
[2013/12/15 08:22:40 | 000,001,102 | ---- | M] () -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\searchplugins\visualbee-v12-customized-web-search.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {53c4024f-5a2e-4f2a-b33e-e8784d730938} - No CLSID value found.
O3 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\Toolbar\WebBrowser: (no name) - {53C4024F-5A2E-4F2A-B33E-E8784D730938} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2038435613-138853392-2710362757-1000..\Run: [BackgroundContainer] C:\Users\thanhnguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:FILES
C:\Program Files (x86)\Conduit
C:\ProgramData\Conduit
C:\Users\thanhnguyen\AppData\Local\Conduit
C:\Users\thanhnguyen\AppData\Local\CRE
C:\ProgramData\VisualBee
C:\Users\thanhnguyen\AppData\Roaming\DictAddon
C:\Users\thanhnguyen\AppData\Local\SwvUpdater
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Turn Windows Firewall On

Click here to go to the Microsoft support page for turning the firewall on or off.
Click the link > To turn on Windows Firewall and follow the directions to turn the firewall on.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went
2. Let me know if you were able to successfully turn the Windows firewall on
3. The OTL fixes log
4. The AdwCleaner[S0].txt log
5. How is the computer running now?
  • 0

#7
odog
Posted 26 December 2013 - 02:53 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Godawgs,
Happy Holidays to you also ... thanks so much for your reply, this computer will be fixed friday with your mods above on Friday. Till then, have the best leftovers !
  • 0

#8
odog
Posted 27 December 2013 - 12:19 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
1.The uninstalls for Sophos went fine, ScorpionSaver the uninstaller (or Installer)gave me a box stating "The feature you are trying to use is on a network resource that is unavailable" Says that ScorpionSaver.msi is missing and to look in a default location "c:\\temp\\".
2.Windows firewall is on.
3.Here is the OTL fixes log

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{53c4024f-5a2e-4f2a-b33e-e8784d730938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53c4024f-5a2e-4f2a-b33e-e8784d730938}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3B70AC2-DDA1-4149-8BBE-99B7AF163F70}\ not found.
Registry key HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "true" removed from CT3287811.browser.search.defaultthis.engineName
Prefs.js: "VisualBee V.12 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\META-INF folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\skin folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content\locale folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\{a018b213-6b46-4791-9298-519020db5737} folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\dictaddon\tests folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\dictaddon\lib folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\dictaddon folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\toolkit folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\windows folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\window folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\util folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\tabs folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\system folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\private-browsing\window folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\private-browsing folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\preferences folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\platform folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\page-mod folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\net folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\loader folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\lang folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\l10n folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\io folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\event folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\dom folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated\traits folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated\events folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\core folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\content folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\console folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\addon folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib\sdk folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\lib folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk\data folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources\addon-sdk folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\resources folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\[email protected] folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\trash\{53c4024f-5a2e-4f2a-b33e-e8784d730938}\Plugins folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\trash\{53c4024f-5a2e-4f2a-b33e-e8784d730938} folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\trash folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\searchplugins\visualbee-v12-customized-web-search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53c4024f-5a2e-4f2a-b33e-e8784d730938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53c4024f-5a2e-4f2a-b33e-e8784d730938}\ not found.
Registry value HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{53C4024F-5A2E-4F2A-B33E-E8784D730938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53C4024F-5A2E-4F2A-B33E-E8784D730938}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer deleted successfully.
C:\Users\thanhnguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Program Files (x86)\Conduit\CT3287811\plugins folder moved successfully.
C:\Program Files (x86)\Conduit\CT3287811 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\ProgramData\Conduit\Multi folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\Conduit\Chrome\CT3287811 folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\Conduit\Chrome folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\Conduit\BackgroundContainer folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\Conduit folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\CRE folder moved successfully.
C:\ProgramData\VisualBee folder moved successfully.
C:\Users\thanhnguyen\AppData\Roaming\DictAddon folder moved successfully.
C:\Users\thanhnguyen\AppData\Local\SwvUpdater folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\thanhnguyen\Desktop\cmd.bat deleted successfully.
C:\Users\thanhnguyen\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\thanhnguyen\Desktop\cmd.bat deleted successfully.
C:\Users\thanhnguyen\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\thanhnguyen\Desktop\cmd.bat deleted successfully.
C:\Users\thanhnguyen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: thanhnguyen
->Temp folder emptied: 21567100 bytes
->Temporary Internet Files folder emptied: 20473113 bytes
->FireFox cache emptied: 78675997 bytes
->Flash cache emptied: 642 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 463636 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1644007 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12272013_095107

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\thanhnguyen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


4.the adwCleaner log ,

# AdwCleaner v3.016 - Report created 27/12/2013 at 10:01:36
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : thanhnguyen - EMACHINES
# Running from : C:\OLIVER\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\user.js
File Found : C:\windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found C:\Program Files (x86)\PCFixSpeed
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\thanhnguyen\AppData\Local\NativeMessaging
Folder Found C:\Users\thanhnguyen\AppData\Local\Wajam
Folder Found C:\Users\thanhnguyen\AppData\LocalLow\Conduit
Folder Found C:\Users\thanhnguyen\AppData\LocalLow\VisualBee_V.12
Folder Found C:\Users\thanhnguyen\AppData\Roaming\24x7 help
Folder Found C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\Smartbar
Folder Found C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\ValueApps
Folder Found C:\Users\thanhnguyen\AppData\Roaming\Searchprotect
Folder Found C:\Users\thanhnguyen\Documents\DealRunner
Folder Found C:\Users\thanhnguyen\Documents\ShopToWin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Adpeak, Inc.
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Found : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\VisualBee_V.12
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53C4024F-5A2E-4F2A-B33E-E8784D730938}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Adpeak, Inc.
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\firstsearch
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B5B2257-F05D-4B30-BE4A-296308E9346A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D190684-5C47-4FDE-82E3-128B1D2AC9D7}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\Software\visualbee
Key Found : HKLM\Software\VisualBee_V.12
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\prefs.js ]

Line Found : user_pref("CT3287811.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3287811.FF19Solved", "true");
Line Found : user_pref("CT3287811.FirstTime", "true");
Line Found : user_pref("CT3287811.FirstTimeFF3", "true");
Line Found : user_pref("CT3287811.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3287811.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Found : user_pref("CT3287811.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3287811.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Found : user_pref("CT3287811.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3287811.SF_USER_ID", "%E9%EF%EA%E5%BB%B7%B8%B8%B6%B7%B9%B7%BD%B9%BC%BB%BF%BC%BC%BC%BB%BF%BE%BA");
Line Found : user_pref("CT3287811.SF_USER_ID.enc", "Y2lkXzUxMjIwMTMxNzM2NTk2NjY1OTg0");
Line Found : user_pref("CT3287811.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Found : user_pref("CT3287811.UserID", "UN51523499927838298");
Line Found : user_pref("CT3287811._key_cl_active", "%BE%EB%EB%BC%B6%B8%BA%E9%B3%EC%BB%B7%BB%B3%BA%BD%BA%E9%B3%E8%E7%BD%EA%B3%E9%BE%B9%BE%B9%BE%B6%E8%B7%B6%BD%E7");
Line Found : user_pref("CT3287811._key_cl_active.enc", "OGVlNjAyNGMtZjUxNS00NzRjLWJhN2QtYzgzODM4MGIxMDdh");
Line Found : user_pref("CT3287811.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3287811.browser.search.defaultthis.engineName", "");
Line Found : user_pref("CT3287811.cbfirsttime", "%DA%EE%FB%A6%CA%EB%E9%A6%B6%BB%A6%B8%B6%B7%B9%A6%B7%BD%C0%B9%BD%C0%B6%B6%A6%CD%D3%DA%B3%B6%BE%B6%B6%A6%AE%D6%E7%E9%EF%EC%EF%E9%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Found : user_pref("CT3287811.cbfirsttime.enc", "VGh1IERlYyAwNSAyMDEzIDE3OjM3OjAwIEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Found : user_pref("CT3287811.countryCode", "US");
Line Found : user_pref("CT3287811.defaultSearch", "true");
Line Found : user_pref("CT3287811.enableAlerts", "true");
Line Found : user_pref("CT3287811.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3287811.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3287811.fixPageNotFoundError", "true");
Line Found : user_pref("CT3287811.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3287811.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3287811.fullUserID", "UN51523499927838298.IN.20131205135701");
Line Found : user_pref("CT3287811.installDate", "05/12/2013 13:57:14");
Line Found : user_pref("CT3287811.installSessionId", "{D08CBB23-08F5-45CD-B9F9-81163C2BC800}");
Line Found : user_pref("CT3287811.installSp", "TRUE");
Line Found : user_pref("CT3287811.installType", "conduitnsisintegration");
Line Found : user_pref("CT3287811.installUsage", "2013-12-06T04:36:06.3354298+03:00");
Line Found : user_pref("CT3287811.installUsageEarly", "2013-12-06T04:36:00.220465+03:00");
Line Found : user_pref("CT3287811.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3287811.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3287811.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3287811.keyword", "true");
Line Found : user_pref("CT3287811.lastVersion", "10.23.0.822");
Line Found : user_pref("CT3287811.mam_gk_appStateReportTime", "%B7%B9%BE%BC%BB%BA%BC%BB%B8%BE%B6%BD%BF");
Line Found : user_pref("CT3287811.mam_gk_appStateReportTime.enc", "MTM4NjU0NjUyODA3OQ==");
Line Found : user_pref("CT3287811.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_Discover", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_Easytobook", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_JobsMiner", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_JobsMiner.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_PriceGong", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appState_WindowShopper", "%F5%F4");
Line Found : user_pref("CT3287811.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3287811.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Found : user_pref("CT3287811.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Found : user_pref("CT3287811.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3287811.mam_gk_calledSetupService", "%B7");
Line Found : user_pref("CT3287811.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BB%B4%B7");
Line Found : user_pref("CT3287811.mam_gk_currentVersion.enc", "MS4xMS41LjE=");
Line Found : user_pref("CT3287811.mam_gk_existingUsersRecoveryDone", "%B7");
Line Found : user_pref("CT3287811.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_first_time", "%B7");
Line Found : user_pref("CT3287811.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Found : user_pref("CT3287811.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3287811.mam_gk_lastLoginTime", "%B7%B9%BE%BC%BB%BA%BC%BB%B8%BE%BA%BD%BF");
Line Found : user_pref("CT3287811.mam_gk_lastLoginTime.enc", "MTM4NjU0NjUyODQ3OQ==");
Line Found : user_pref("CT3287811.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Found : user_pref("CT3287811.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Found : user_pref("CT3287811.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3287811.mam_gk_migrated_from_ls", "%B7");
Line Found : user_pref("CT3287811.mam_gk_migrated_from_ls.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_new_welcome_experience", "%B7");
Line Found : user_pref("CT3287811.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Found : user_pref("CT3287811.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3287811.mam_gk_settings1.11.5.1", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Found : user_pref("CT3287811.mam_gk_settings1.11.5.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMDkiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Found : user_pref("CT3287811.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Found : user_pref("CT3287811.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3287811.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Found : user_pref("CT3287811.mam_gk_stamp.enc", "MTA0M18w");
Line Found : user_pref("CT3287811.mam_gk_userId", "%BB%BC%E8%EA%BB%BC%BB%EC%B3%EA%BF%B9%B9%B3%BA%BE%BC%BE%B3%BE%EB%E8%B6%B3%E9%B9%B7%E9%BE%BC%BF%E8%BF%B8%BD%BE");
Line Found : user_pref("CT3287811.mam_gk_userId.enc", "NTZiZDU2NWYtZDkzMy00ODY4LThlYjAtYzMxYzg2OWI5Mjc4");
Line Found : user_pref("CT3287811.mam_gk_user_approval_interacted", "%B7");
Line Found : user_pref("CT3287811.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3287811.mam_gk_welcomeDialogMode", "%B7");
Line Found : user_pref("CT3287811.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3287811.openThankYouPage", "false");
Line Found : user_pref("CT3287811.openUninstallPage", "true");
Line Found : user_pref("CT3287811.originalHomepage", "hxxp://vn.yahoo.com/?fr=mkg031");
Line Found : user_pref("CT3287811.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=");
Line Found : user_pref("CT3287811.originalSearchEngine", "Secure Search");
Line Found : user_pref("CT3287811.originalSearchEngineName", "Secure Search");
Line Found : user_pref("CT3287811.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3287811.revertSettingsEnabled", "false");
Line Found : user_pref("CT3287811.search.searchAppId", "130058505012401845");
Line Found : user_pref("CT3287811.search.searchCount", "2");
Line Found : user_pref("CT3287811.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3287811.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3287811.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3287811.searchRevert", "false");
Line Found : user_pref("CT3287811.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3287811.searchUninstallUserMode", "2");
Line Found : user_pref("CT3287811.searchUserMode", "2");
Line Found : user_pref("CT3287811.serviceLayer_services_Configuration_lastUpdate", "1387124532386");
Line Found : user_pref("CT3287811.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386293806721");
Line Found : user_pref("CT3287811.serviceLayer_services_appsMetadata_lastUpdate", "1387124529998");
Line Found : user_pref("CT3287811.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386293806631");
Line Found : user_pref("CT3287811.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1386293805174");
Line Found : user_pref("CT3287811.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1386293811151");
Line Found : user_pref("CT3287811.serviceLayer_services_login_10.22.5.10_lastUpdate", "1386383552287");
Line Found : user_pref("CT3287811.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386883298426");
Line Found : user_pref("CT3287811.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387124520186");
Line Found : user_pref("CT3287811.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386293806675");
Line Found : user_pref("CT3287811.serviceLayer_services_searchAPI_lastUpdate", "1387124527614");
Line Found : user_pref("CT3287811.serviceLayer_services_serviceMap_lastUpdate", "1387124520107");
Line Found : user_pref("CT3287811.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387124527589");
Line Found : user_pref("CT3287811.serviceLayer_services_toolbarSettings_lastUpdate", "1387124531184");
Line Found : user_pref("CT3287811.serviceLayer_services_translation_lastUpdate", "1387124520187");
Line Found : user_pref("CT3287811.settingsINI", true);
Line Found : user_pref("CT3287811.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3287811.showToolbarPermission", "false");
Line Found : user_pref("CT3287811.smartbar.CTID", "CT3287811");
Line Found : user_pref("CT3287811.smartbar.Uninstall", "0");
Line Found : user_pref("CT3287811.smartbar.homepage", "true");
Line Found : user_pref("CT3287811.smartbar.toolbarName", "VisualBee V.12 ");
Line Found : user_pref("CT3287811.startPage", "true");
Line Found : user_pref("CT3287811.toolbarBornServerTime", "6-12-2013");
Line Found : user_pref("CT3287811.toolbarCurrentServerTime", "13-12-2013");
Line Found : user_pref("CT3287811.toolbarInstallDate", "05-12-2013 13:57:04");
Line Found : user_pref("CT3287811.toolbarLoginClientTime", "Thu Dec 05 2013 17:36:51 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3287811.url_history0001", "%F0%E7%FC%E7%F9%E9%F8%EF%F6%FA%C0%ED%EB%F4%EB%F8%E7%FA%EB%D2%EF%F4%F1%AE%AD%EE%FA%FA%F6%C0%B5%B5%FA%FA%E8%B4%EC%EF%F2%EB%F9%E8%FB%F4%F1%EB%F8%B4%E9%F5%F3%B5%EA%[...]
Line Found : user_pref("CT3287811.url_history0001.enc", "amF2YXNjcmlwdDpnZW5lcmF0ZUxpbmsoJ2h0dHA6Ly90dGIuZmlsZXNidW5rZXIuY29tL2Rvd25sb2FkL3JlcXVlc3QvNTI1ZTg1NTQ1ZjFjMWU4MTY1MDAwMDA0L0tBTEozSUhKJyk6OjpjbGlja2hhbmRs[...]
Line Found : user_pref("CT3287811.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3287811.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN51523499927838298&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.12 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287811");
Line Found : user_pref("extensions.crossrider.bic", "13d0dbd53045576312de34fe9bf751bd");
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationTime", 1361719917);
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.active", true);
Line Found : user_pref("extensions.crossriderapp26278.26278.addressbar", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.addressbarenhanced", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.backgroundjs", "\n\n//\n");
Line Found : user_pref("extensions.crossriderapp26278.26278.backgroundver", 5);
Line Found : user_pref("extensions.crossriderapp26278.26278.can_run_bg_code", true);
Line Found : user_pref("extensions.crossriderapp26278.26278.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.value", "1361719917");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.value", "1361719917");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.expiration", "Sun Mar 03 2013 18:09:54 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%22141543%26pid%3D1382%5C%22%3A%7Bs%3A%5B%5C%22146368%26pid%3D1392%5C%2[...]
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.expiration", "Sun Mar 03 2013 18:09:54 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.expiration", "Wed Mar 06 2013 13:36:10 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.value", "%22US%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.value", "1362360841");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.value", "%221361906481%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22142729%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22142729%26subid%3D%26pid%3D1383%2[...]
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.value", "%221361906531%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.value", "%22142729%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.value", "1362360839940");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.value", "%221383%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.value", "%22148533%22");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.value", "1362000962377");
Line Found : user_pref("extensions.crossriderapp26278.26278.description", "Solid Savings");
Line Found : user_pref("extensions.crossriderapp26278.26278.domain", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.group", 0);
Line Found : user_pref("extensions.crossriderapp26278.26278.homepage", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.iframe", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221F31BE2871CC4F46B0B00081589ED66FIE%22%2C%22installer_verifier%22%3A%22cb84f8c6e32c30[...]
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.value", "7");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.expiration", "Sun Mar 03 2013 23:34:01 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Line Found : user_pref("extensions.crossriderapp26278.26278.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.name", "Solid Savings");
Line Found : user_pref("extensions.crossriderapp26278.26278.newtab", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.opensearch", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.name", "base");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.ver", 4);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.ver", 15);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.ver", 34);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.name", "CrossriderAppUtils");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.ver", 2);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.name", "CrossriderUtils");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.ver", 2);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.ver", 5);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.name", "jQuery");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.ver", 3);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.name", "debug");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.ver", 3);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.name", "resources");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.ver", 2);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.name", "initializer");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.ver", 2);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.name", "jquery_1_7_1");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.ver", 3);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.name", "resources_background");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.ver", 1);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.name", "appApiMessage");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.ver", 1);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.name", "appApiValidation");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.ver", 1);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.name", "CrossriderInfo");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.ver", 2);
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28");
Line Found : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Found : user_pref("extensions.crossriderapp26278.26278.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/26278/plugins/088/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp26278.26278.pluginsversion", 4);
Line Found : user_pref("extensions.crossriderapp26278.26278.publisher", "215 Apps");
Line Found : user_pref("extensions.crossriderapp26278.26278.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp26278.26278.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp26278.26278.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.thankyou", "");
Line Found : user_pref("extensions.crossriderapp26278.26278.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp26278.26278.ver", 7);
Line Found : user_pref("extensions.crossriderapp26278.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp26278.apps", "26278");
Line Found : user_pref("extensions.crossriderapp26278.bic", "13d0dbd53045576312de34fe9bf751bd");
Line Found : user_pref("extensions.crossriderapp26278.cid", 26278);
Line Found : user_pref("extensions.crossriderapp26278.firstrun", false);
Line Found : user_pref("extensions.crossriderapp26278.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp26278.installationdate", 1361735144);
Line Found : user_pref("extensions.crossriderapp26278.lastcheck", 22706014);
Line Found : user_pref("extensions.crossriderapp26278.lastcheckitem", 22706045);
Line Found : user_pref("extensions.crossriderapp26278.modetype", "production");
Line Found : user_pref("extensions.crossriderapp26278.reportInstall", true);
Line Found : user_pref("extensions.wajam.affiliate_id", "4223");
Line Found : user_pref("extensions.wajam.firstrun", "false");
Line Found : user_pref("extensions.wajam.log_send_info", "false");
Line Found : user_pref("extensions.wajam.no_trace", "false");
Line Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Found : user_pref("extensions.wajam.trace_log", "1374374313962 - onFlagInfoReceived - Server mapping version: 0.21087\n1374374313962 - onFlagInfoReceived - Server mapping version (client-side): 0.21087\n13743[...]
Line Found : user_pref("extensions.wajam.unique_id", "A858B7682E7585953E27249EBA280B2C");
Line Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Found : user_pref("extensions.wajam.version", "1.26");
Line Found : user_pref("extensions.wajam.website_version", "1.00274.0");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3287811");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN51523499927838298&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287811");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3287811");
Line Found : user_pref("smartbar.machineId", "VVVPH/ICYA83RETQOO2RXM379FMKCLAVWIHDFBLTAEIIOMRZ59I+W3ZCPARCXZVIWT78T/S7LPSYM+N3G1AJFA");
Line Found : user_pref("valueApps.CT3287811./9B+7E+x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E,x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E-x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E.:2z527.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E.x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E/x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E06CG5EL8:", "6E6D696C6B6C72737677");
Line Found : user_pref("valueApps.CT3287811./9B+7E06CG5EL8:.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F72717278797C7D242F4B49474F42357D5D5C3D");
Line Found : user_pref("valueApps.CT3287811./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B+7E0x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E1x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E2x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E3x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E4x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E5x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E6x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E7x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E8x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E9x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E:x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E;x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E<x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E=x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E>x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7E?x305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./[email protected]", true);
Line Found : user_pref("valueApps.CT3287811./9B+7EAx305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Found : user_pref("valueApps.CT3287811./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B+7EBx305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7ECx305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7EDx305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B+7Etx305.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811./9B-0?3G>D", "3C3C3C4071723F737A47467A7220754D497E254E7A207C2A24265727552D26275D2E2D2B");
Line Found : user_pref("valueApps.CT3287811./9B-0?3G>D.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B-0?3G@6:5;", "");
Line Found : user_pref("valueApps.CT3287811./9B-0?3G@6:5;.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B-0?3GFA7EF", "2B2E2C3D");
Line Found : user_pref("valueApps.CT3287811./9B-0?3GFA7EF.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Line Found : user_pref("valueApps.CT3287811./9B-3=3ECCJA=F>.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Found : user_pref("valueApps.CT3287811./9B/>01=9A6K6<IM;[email protected]", false);
Line Found : user_pref("valueApps.CT3287811./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Found : user_pref("valueApps.CT3287811./9B3=>@44I48?.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B5BA==9CJAG", "6D6B693D6D6E44447A4772794A774C49204A224F7A");
Line Found : user_pref("valueApps.CT3287811./9B5BA==9CJAG.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B6B11G4C56B>F;P;ANR@P", "6E6D696C6B6C72737676717474");
Line Found : user_pref("valueApps.CT3287811./9B6B11G4C56B>F;P;[email protected]", false);
Line Found : user_pref("valueApps.CT3287811./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
Line Found : user_pref("valueApps.CT3287811./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B9643G3/9E", "6A");
Line Found : user_pref("valueApps.CT3287811./9B9643G3/9E.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B;45>:BI9I7IE", "2B2E2C3D");
Line Found : user_pref("valueApps.CT3287811./9B;45>:BI9I7IE.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B<:222H64<", "393F352F3E");
Line Found : user_pref("valueApps.CT3287811./9B<:222H64<.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B<:222H64<L8DAJ", "6D70706F7673737976762A787A727B7D757B21");
Line Found : user_pref("valueApps.CT3287811./9B<:222H64<L8DAJ.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B=+03EH8H8J?:", "4443");
Line Found : user_pref("valueApps.CT3287811./9B=+03EH8H8J?:.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Found : user_pref("valueApps.CT3287811./9B?+E2A52D8.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9B?B0D:8AJ62<H", "6D");
Line Found : user_pref("valueApps.CT3287811./9B?B0D:8AJ62<H.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811./9BA@0<0BI6A7GN:6@L?", "6C");
Line Found : user_pref("valueApps.CT3287811./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.PG_ENABLE", "74727565");
Line Found : user_pref("valueApps.CT3287811.PG_ENABLE.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.SF_JUST_INSTALLED", "46414C5345");
Line Found : user_pref("valueApps.CT3287811.SF_JUST_INSTALLED.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.SF_USER_ID", "6369645F3531323230313331373336353936363635393834");
Line Found : user_pref("valueApps.CT3287811.SF_USER_ID.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811._key_cl_active", "38656536303234632D663531352D343734632D626137642D633833383338306231303761");
Line Found : user_pref("valueApps.CT3287811._key_cl_active.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.cbfirsttime", "5468752044656320303520323031332031373A33373A303020474D542D30383030202850616369666963205374616E646172642054696D6529");
Line Found : user_pref("valueApps.CT3287811.cbfirsttime.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appStateReportTime", "31333836383833333039373030");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appStateReportTime.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Clarity_Active", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_CouponBuddy", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Discover", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Discover.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Find-a-Pro", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_JobsMiner", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_JobsMiner.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_PriceGong", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_PriceGong.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_WindowShopper", "6F6E");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appState_WindowShopper.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appsConfig.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Found : user_pref("valueApps.CT3287811.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_calledSetupService", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_calledSetupService.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_currentVersion", "312E31322E302E35");
Line Found : user_pref("valueApps.CT3287811.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_existingUsersRecoveryDone", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_first_time", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_first_time.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_installer_preapproved", "66616C7365");
Line Found : user_pref("valueApps.CT3287811.mam_gk_installer_preapproved.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_lastLoginTime", "31333836383833333131333137");
Line Found : user_pref("valueApps.CT3287811.mam_gk_lastLoginTime.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_localization.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811.mam_gk_mamEnabled", "74727565");
Line Found : user_pref("valueApps.CT3287811.mam_gk_mamEnabled.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_migrated_from_ls", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_migrated_from_ls.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_new_welcome_experience", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_new_welcome_experience.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_settings1.11.5.1.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811.mam_gk_settings1.12.0.5.storedInFile", true);
Line Found : user_pref("valueApps.CT3287811.mam_gk_showWelcomeGadget", "66616C7365");
Line Found : user_pref("valueApps.CT3287811.mam_gk_showWelcomeGadget.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_stamp", "313034335F30");
Line Found : user_pref("valueApps.CT3287811.mam_gk_stamp.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_userId", "35366264353635662D643933332D343836382D386562302D633331633836396239323738");
Line Found : user_pref("valueApps.CT3287811.mam_gk_userId.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_user_approval_interacted", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_user_approval_interacted.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.mam_gk_welcomeDialogMode", "31");
Line Found : user_pref("valueApps.CT3287811.mam_gk_welcomeDialogMode.storedInFile", false);
Line Found : user_pref("valueApps.CT3287811.url_history0001.storedInFile", true);

*************************

AdwCleaner[R0].txt - [46357 octets] - [27/12/2013 10:01:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [46418 octets] ##########


5.As for how the computer is running, it seems to be running better, i need to reboot a few more times today and will update in an hour or so, something unusual i found was a text log in my temp folder that i will attach below, the file was called "foo.txt"


=== Verbose logging started: 12/1/2013 15:52:36 Build type: SHIP UNICODE 5.00.7600.00 Calling process: c:\windows\system32\msiexec.exe ===
MSI © (64:68) [15:52:36:526]: Resetting cached policy values
MSI © (64:68) [15:52:36:526]: Machine policy value 'Debug' is 0
MSI © (64:68) [15:52:36:526]: ******* RunEngine:
******* Product: c:\\temp\\ScorpionSaver.msi
******* Action:
******* CommandLine: **********
MSI © (64:68) [15:52:36:527]: Client-side and UI is none or basic: Running entire install on the server.
MSI © (64:68) [15:52:36:527]: Grabbed execution mutex.
MSI © (64:68) [15:52:36:604]: Cloaking enabled.
MSI © (64:68) [15:52:36:604]: Attempting to enable all disabled privileges before calling Install on Server
MSI © (64:68) [15:52:36:609]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (1C:E8) [15:52:36:636]: Running installation inside multi-package transaction c:\\temp\\ScorpionSaver.msi
MSI (s) (1C:E8) [15:52:36:636]: Grabbed execution mutex.
MSI (s) (1C:D8) [15:52:36:639]: Resetting cached policy values
MSI (s) (1C:D8) [15:52:36:639]: Machine policy value 'Debug' is 0
MSI (s) (1C:D8) [15:52:36:639]: ******* RunEngine:
******* Product: c:\\temp\\ScorpionSaver.msi
******* Action:
******* CommandLine: **********
MSI (s) (1C:D8) [15:52:36:675]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (1C:D8) [15:52:36:825]: SRSetRestorePoint skipped for this transaction.
MSI (s) (1C:D8) [15:52:36:837]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2
MSI (s) (1C:D8) [15:52:36:852]: File will have security applied from OpCode.
MSI (s) (1C:D8) [15:52:36:870]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\\temp\\ScorpionSaver.msi' against software restriction policy
MSI (s) (1C:D8) [15:52:36:870]: SOFTWARE RESTRICTION POLICY: c:\\temp\\ScorpionSaver.msi has a digital signature
MSI (s) (1C:D8) [15:52:39:450]: SOFTWARE RESTRICTION POLICY: c:\\temp\\ScorpionSaver.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (1C:D8) [15:52:39:454]: End dialog not enabled
MSI (s) (1C:D8) [15:52:39:454]: Original package ==> c:\\temp\\ScorpionSaver.msi
MSI (s) (1C:D8) [15:52:39:454]: Package we're running from ==> c:\windows\Installer\35ecf12.msi
MSI (s) (1C:D8) [15:52:39:484]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (1C:D8) [15:52:39:511]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}'.
MSI (s) (1C:D8) [15:52:39:512]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (1C:D8) [15:52:39:894]: MSCOREE not loaded loading copy from system32
MSI (s) (1C:D8) [15:52:39:930]: Machine policy value 'TransformsSecure' is 0
MSI (s) (1C:D8) [15:52:39:930]: User policy value 'TransformsAtSource' is 0
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'DisablePatch' is 0
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'DisableMsi' is 0
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:938]: User policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:938]: Running product '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}' with elevated privileges: All apps run elevated.
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (1C:D8) [15:52:39:938]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (1C:D8) [15:52:39:959]: APPCOMPAT: looking for appcompat database entry with ProductCode '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}'.
MSI (s) (1C:D8) [15:52:39:959]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (1C:D8) [15:52:39:959]: Transforms are not secure.
MSI (s) (1C:D8) [15:52:39:960]: Note: 1: 2205 2: 3: Control
MSI (s) (1C:D8) [15:52:39:960]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'c:\\temp\\foo.txt'.
MSI (s) (1C:D8) [15:52:39:960]: Command Line: sourceguid=2594 userguid=96964645-B958-6104-FFBB-83B14C8F7590 options=01110010000000000000000000000000 CURRENTDIRECTORY=C:\windows\system32 CLIENTUILEVEL=3 CLIENTPROCESSID=38756
MSI (s) (1C:D8) [15:52:39:960]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{A5122D60-0F73-4E51-B932-09546C8362F3}'.
MSI (s) (1C:D8) [15:52:39:960]: Product Code passed to Engine.Initialize: ''
MSI (s) (1C:D8) [15:52:39:960]: Product Code from property table before transforms: '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}'
MSI (s) (1C:D8) [15:52:39:960]: Product Code from property table after transforms: '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}'
MSI (s) (1C:D8) [15:52:39:960]: Product not registered: beginning first-time install
MSI (s) (1C:D8) [15:52:39:961]: Product {9B65F9A3-9D24-452A-B6EF-1457D65E4259} is not managed.
MSI (s) (1C:D8) [15:52:39:961]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:961]: User policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:961]: MSI_LUA: No credentials required as all installs will run elevated due to AlwaysInstallElevated policy setting
MSI (s) (1C:D8) [15:52:39:962]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (1C:D8) [15:52:39:962]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (1C:D8) [15:52:39:962]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (1C:D8) [15:52:39:965]: Adding new sources is allowed.
MSI (s) (1C:D8) [15:52:39:965]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (1C:D8) [15:52:39:965]: Package name extracted from package path: 'ScorpionSaver.msi'
MSI (s) (1C:D8) [15:52:39:965]: Package to be registered: 'ScorpionSaver.msi'
MSI (s) (1C:D8) [15:52:39:965]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:39:976]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (1C:D8) [15:52:39:976]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:976]: User policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:39:976]: Running product '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}' with elevated privileges: All apps run elevated.
MSI (s) (1C:D8) [15:52:39:977]: Machine policy value 'EnableUserControl' is 0
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Adding RestrictedUserControl property. Its value is '1'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Modifying SOURCEGUID property. Its current value is 'CCC9642C-CB76-46E5-AF27-7D7B5DD2348B'. Its new value: '2594'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Modifying USERGUID property. Its current value is '00000000-0000-0000-0000-000000000000'. Its new value: '96964645-B958-6104-FFBB-83B14C8F7590'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Modifying OPTIONS property. Its current value is '-1'. Its new value: '01110010000000000000000000000000'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\windows\system32'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (1C:D8) [15:52:39:977]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '38756'.
MSI (s) (1C:D8) [15:52:39:977]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (1C:D8) [15:52:39:992]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is 'ebf22b4758516540a61a340c86cd3be4'.
MSI (s) (1C:D8) [15:52:39:992]: RESTART MANAGER: Session opened.
MSI (s) (1C:D8) [15:52:39:992]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (s) (1C:D8) [15:52:39:992]: TRANSFORMS property is now:
MSI (s) (1C:D8) [15:52:39:992]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '300'.
MSI (s) (1C:D8) [15:52:40:003]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming
MSI (s) (1C:D8) [15:52:40:005]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\Favorites
MSI (s) (1C:D8) [15:52:40:007]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (1C:D8) [15:52:40:010]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\Documents
MSI (s) (1C:D8) [15:52:40:012]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (1C:D8) [15:52:40:014]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (1C:D8) [15:52:40:016]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (1C:D8) [15:52:40:018]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (1C:D8) [15:52:40:018]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (1C:D8) [15:52:40:019]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Local
MSI (s) (1C:D8) [15:52:40:021]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\Pictures
MSI (s) (1C:D8) [15:52:40:025]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (1C:D8) [15:52:40:026]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (1C:D8) [15:52:40:028]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (1C:D8) [15:52:40:030]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (1C:D8) [15:52:40:031]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (1C:D8) [15:52:40:035]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (1C:D8) [15:52:40:037]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (1C:D8) [15:52:40:039]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (1C:D8) [15:52:40:040]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (1C:D8) [15:52:40:042]: SHELL32::SHGetFolderPath returned: C:\Users\thanhnguyen\Desktop
MSI (s) (1C:D8) [15:52:40:045]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (1C:D8) [15:52:40:046]: SHELL32::SHGetFolderPath returned: C:\windows\Fonts
MSI (s) (1C:D8) [15:52:40:056]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (1C:D8) [15:52:40:066]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (1C:D8) [15:52:40:066]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (1C:D8) [15:52:40:066]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (1C:D8) [15:52:40:067]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (1C:D8) [15:52:40:067]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'thanhnguyen'.
MSI (s) (1C:D8) [15:52:40:067]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (1C:D8) [15:52:40:067]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\windows\Installer\35ecf12.msi'.
MSI (s) (1C:D8) [15:52:40:067]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\\temp\\ScorpionSaver.msi'.
MSI (s) (1C:D8) [15:52:40:067]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (1C:D8) [15:52:40:067]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install
MSI (s) (1C:D8) [15:52:40:068]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (1C:D8) [15:52:40:073]: Machine policy value 'DisableRollback' is 0
MSI (s) (1C:D8) [15:52:40:073]: User policy value 'DisableRollback' is 0
MSI (s) (1C:D8) [15:52:40:073]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 12/1/2013 15:52:40 ===
MSI (s) (1C:D8) [15:52:40:074]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (1C:D8) [15:52:40:074]: Doing action: INSTALL
MSI (s) (1C:D8) [15:52:40:074]: Note: 1: 2205 2: 3: ActionText
Action start 15:52:40: INSTALL.
MSI (s) (1C:D8) [15:52:40:092]: Running ExecuteSequence
MSI (s) (1C:D8) [15:52:40:093]: Doing action: FindRelatedProducts
MSI (s) (1C:D8) [15:52:40:093]: Note: 1: 2205 2: 3: ActionText
Action start 15:52:40: FindRelatedProducts.
MSI (s) (1C:D8) [15:52:40:096]: Doing action: AppSearch
MSI (s) (1C:D8) [15:52:40:096]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: FindRelatedProducts. Return value 1.
Action start 15:52:40: AppSearch.
MSI (s) (1C:D8) [15:52:40:101]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (1C:D8) [15:52:40:101]: PROPERTY CHANGE: Adding MYLOCALAPPDATA property. Its value is 'c:\Users\thanhnguyen\AppData\Local\'.
MSI (s) (1C:D8) [15:52:40:101]: Doing action: LaunchConditions
MSI (s) (1C:D8) [15:52:40:101]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: AppSearch. Return value 1.
Action start 15:52:40: LaunchConditions.
MSI (s) (1C:D8) [15:52:40:103]: Doing action: ValidateProductID
MSI (s) (1C:D8) [15:52:40:104]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: LaunchConditions. Return value 1.
Action start 15:52:40: ValidateProductID.
MSI (s) (1C:D8) [15:52:40:104]: Doing action: CostInitialize
MSI (s) (1C:D8) [15:52:40:104]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: ValidateProductID. Return value 1.
MSI (s) (1C:D8) [15:52:40:106]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (1C:D8) [15:52:40:117]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (1C:D8) [15:52:40:120]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: Patch
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (1C:D8) [15:52:40:120]: Note: 1: 2205 2: 3: Patch
Action start 15:52:40: CostInitialize.
MSI (s) (1C:D8) [15:52:40:121]: Doing action: SetINSTALLLOCATION
MSI (s) (1C:D8) [15:52:40:121]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: CostInitialize. Return value 1.
MSI (s) (1C:D8) [15:52:40:122]: PROPERTY CHANGE: Adding INSTALLLOCATION property. Its value is 'C:\Program Files (x86)\ScorpionSaver'.
Action start 15:52:40: SetINSTALLLOCATION.
MSI (s) (1C:D8) [15:52:40:122]: Doing action: FileCost
MSI (s) (1C:D8) [15:52:40:122]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: SetINSTALLLOCATION. Return value 1.
MSI (s) (1C:D8) [15:52:40:124]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (1C:D8) [15:52:40:125]: Note: 1: 2205 2: 3: Class
MSI (s) (1C:D8) [15:52:40:125]: Note: 1: 2205 2: 3: Extension
MSI (s) (1C:D8) [15:52:40:125]: Note: 1: 2205 2: 3: TypeLib
Action start 15:52:40: FileCost.
MSI (s) (1C:D8) [15:52:40:126]: Doing action: SetChromeIdPath
MSI (s) (1C:D8) [15:52:40:126]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: FileCost. Return value 1.
MSI (s) (1C:D8) [15:52:40:127]: PROPERTY CHANGE: Adding ChromeIdPath property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg'.
Action start 15:52:40: SetChromeIdPath.
MSI (s) (1C:D8) [15:52:40:127]: Doing action: SetChromeVersionPath
MSI (s) (1C:D8) [15:52:40:127]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: SetChromeIdPath. Return value 1.
MSI (s) (1C:D8) [15:52:40:128]: PROPERTY CHANGE: Adding ChromeVersionPath property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0'.
Action start 15:52:40: SetChromeVersionPath.
MSI (s) (1C:D8) [15:52:40:128]: Doing action: CostFinalize
MSI (s) (1C:D8) [15:52:40:128]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: SetChromeVersionPath. Return value 1.
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (1C:D8) [15:52:40:130]: Note: 1: 2205 2: 3: Patch
MSI (s) (1C:D8) [15:52:40:130]: Note: 1: 2205 2: 3: Condition
MSI (s) (1C:D8) [15:52:40:130]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\windows\'. Its new value: 'c:\windows\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files (x86)\'. Its new value: 'c:\Program Files (x86)\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Modifying INSTALLLOCATION property. Its current value is 'C:\Program Files (x86)\ScorpionSaver'. Its new value: 'c:\Program Files (x86)\ScorpionSaver\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding Google property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Google\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding Chrome property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Google\Chrome\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding User_Data property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding Default property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding Extensions property. Its value is 'c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Modifying ChromeIdPath property. Its current value is 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg'. Its new value: 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\'.
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Modifying ChromeVersionPath property. Its current value is 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0'. Its new value: 'c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\'.
MSI (s) (1C:D8) [15:52:40:131]: Target path resolution complete. Dumping Directory table...
MSI (s) (1C:D8) [15:52:40:131]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: WindowsFolder , Object: c:\windows\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files (x86)\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: INSTALLLOCATION , Object: c:\Program Files (x86)\ScorpionSaver\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: MYLOCALAPPDATA , Object: c:\Users\thanhnguyen\AppData\Local\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: Google , Object: c:\Users\thanhnguyen\AppData\Local\Google\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: Chrome , Object: c:\Users\thanhnguyen\AppData\Local\Google\Chrome\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: User_Data , Object: c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: Default , Object: c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: Extensions , Object: c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: ChromeIdPath , Object: c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\
MSI (s) (1C:D8) [15:52:40:131]: Dir (target): Key: ChromeVersionPath , Object: c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
MSI (s) (1C:D8) [15:52:40:131]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.
MSI (s) (1C:D8) [15:52:40:131]: Note: 1: 2205 2: 3: MsiAssembly
MSI (s) (1C:D8) [15:52:40:131]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?
Action start 15:52:40: CostFinalize.
MSI (s) (1C:D8) [15:52:40:133]: Doing action: MigrateFeatureStates
MSI (s) (1C:D8) [15:52:40:133]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: CostFinalize. Return value 1.
Action start 15:52:40: MigrateFeatureStates.
MSI (s) (1C:D8) [15:52:40:135]: Doing action: InstallValidate
MSI (s) (1C:D8) [15:52:40:135]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: MigrateFeatureStates. Return value 0.
MSI (s) (1C:D8) [15:52:40:136]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is 'ebf22b4758516540a61a340c86cd3be4'.
MSI (s) (1C:D8) [15:52:40:136]: Note: 1: 2205 2: 3: Dialog
MSI (s) (1C:D8) [15:52:40:136]: Feature: ProductFeature; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: ChromeFiles; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: INSTALLLOCATION; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: SendJson; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RegistryEntries; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: IECore.dll; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: ChromeCAs; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: FirefoxFiles; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeGoogle; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeChrome; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeUser_Data; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeDefault; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeExtensions; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeId; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: RemoveChromeVersion; Installed: Absent; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: __ChromeFiles65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:136]: Component: __RegistryEntries65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeGoogle65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeChrome65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeUser_Data65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeDefault65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeExtensions65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeId65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Component: __RemoveChromeVersion65; Installed: Null; Request: Local; Action: Local
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: BindImage
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: ProgId
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: Extension
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: Font
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: Class
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: TypeLib
Action start 15:52:40: InstallValidate.
MSI (s) (1C:D8) [15:52:40:137]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (1C:D8) [15:52:40:153]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: BindImage
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: ProgId
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: PublishComponent
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: SelfReg
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: Extension
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: Font
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: Shortcut
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: Class
MSI (s) (1C:D8) [15:52:40:154]: Note: 1: 2205 2: 3: TypeLib
MSI (s) (1C:D8) [15:52:40:155]: Note: 1: 2727 2:
MSI (s) (1C:D8) [15:52:40:155]: Note: 1: 2205 2: 3: FilesInUse
MSI (s) (1C:D8) [15:52:40:223]: Note: 1: 2727 2:
MSI (s) (1C:D8) [15:52:40:224]: Doing action: RemoveExistingProducts
MSI (s) (1C:D8) [15:52:40:224]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: InstallValidate. Return value 1.
MSI (s) (1C:D8) [15:52:40:226]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:40:226]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 22
Action start 15:52:40: RemoveExistingProducts.
MSI (s) (1C:D8) [15:52:40:226]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:40:226]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 23
MSI (s) (1C:D8) [15:52:40:227]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:40:227]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 16
MSI (s) (1C:D8) [15:52:40:227]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:40:227]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 21
MSI (s) (1C:D8) [15:52:40:227]: Doing action: InstallInitialize
MSI (s) (1C:D8) [15:52:40:227]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: RemoveExistingProducts. Return value 1.
MSI (s) (1C:D8) [15:52:40:228]: Machine policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:40:228]: User policy value 'AlwaysInstallElevated' is 1
MSI (s) (1C:D8) [15:52:40:228]: BeginTransaction: Locking Server
MSI (s) (1C:D8) [15:52:40:228]: SRSetRestorePoint skipped for this transaction.
MSI (s) (1C:D8) [15:52:40:228]: Server not locked: locking for product {9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Action start 15:52:40: InstallInitialize.
MSI (s) (1C:D8) [15:52:40:709]: Doing action: ProcessComponents
MSI (s) (1C:D8) [15:52:40:710]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: InstallInitialize. Return value 1.
MSI (s) (1C:D8) [15:52:40:717]: Note: 1: 2205 2: 3: MsiPatchCertificate
MSI (s) (1C:D8) [15:52:40:717]: LUA patching is disabled: missing MsiPatchCertificate table
MSI (s) (1C:D8) [15:52:40:717]: Resolving source.
MSI (s) (1C:D8) [15:52:40:717]: Resolving source to launched-from source.
MSI (s) (1C:D8) [15:52:40:717]: Setting launched-from source as last-used.
MSI (s) (1C:D8) [15:52:40:717]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\\temp\\'.
MSI (s) (1C:D8) [15:52:40:717]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\\temp\\'.
MSI (s) (1C:D8) [15:52:40:717]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{9B65F9A3-9D24-452A-B6EF-1457D65E4259}'.
MSI (s) (1C:D8) [15:52:40:717]: SOURCEDIR ==> c:\\temp\\
MSI (s) (1C:D8) [15:52:40:717]: SOURCEDIR product ==> {9B65F9A3-9D24-452A-B6EF-1457D65E4259}
MSI (s) (1C:D8) [15:52:40:717]: Determining source type
MSI (s) (1C:D8) [15:52:40:718]: Source type from package 'ScorpionSaver.msi': 2
Action start 15:52:40: ProcessComponents.
MSI (s) (1C:D8) [15:52:40:718]: Source path resolution complete. Dumping Directory table...
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: TARGETDIR , Object: c:\temp\ , LongSubPath: , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: WindowsFolder , Object: c:\temp\ , LongSubPath: , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: ProgramFilesFolder , Object: c:\temp\ , LongSubPath: , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: INSTALLLOCATION , Object: c:\temp\ , LongSubPath: , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: MYLOCALAPPDATA , Object: c:\temp\ , LongSubPath: , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: Google , Object: c:\temp\ , LongSubPath: Google\ , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: Chrome , Object: c:\temp\ , LongSubPath: Google\Chrome\ , ShortSubPath:
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: User_Data , Object: c:\temp\ , LongSubPath: Google\Chrome\User Data\ , ShortSubPath: Google\Chrome\7irmzgvy\
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: Default , Object: c:\temp\ , LongSubPath: Google\Chrome\User Data\Default\ , ShortSubPath: Google\Chrome\7irmzgvy\Default\
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: Extensions , Object: c:\temp\ , LongSubPath: Google\Chrome\User Data\Default\Extensions\ , ShortSubPath: Google\Chrome\7irmzgvy\Default\xrskbwz_\
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: ChromeIdPath , Object: c:\temp\ , LongSubPath: Google\Chrome\User Data\Default\Extensions\ChromeIdPath\ , ShortSubPath: Google\Chrome\7irmzgvy\Default\xrskbwz_\aktvvl6_\
MSI (s) (1C:D8) [15:52:40:718]: Dir (source): Key: ChromeVersionPath , Object: c:\temp\ , LongSubPath: Google\Chrome\User Data\Default\Extensions\ChromeIdPath\ChromeVersionPath\ , ShortSubPath: Google\Chrome\7irmzgvy\Default\xrskbwz_\aktvvl6_\zxzkj_de\
MSI (s) (1C:D8) [15:52:40:718]: Note: 1: 2205 2: 3: ActionText
MSI (s) (1C:D8) [15:52:40:719]: Note: 1: 2205 2: 3: ActionText
MSI (s) (1C:D8) [15:52:40:723]: Note: 1: 2205 2: 3: ActionText
MSI (s) (1C:D8) [15:52:40:730]: Doing action: UnpublishFeatures
MSI (s) (1C:D8) [15:52:40:730]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: ProcessComponents. Return value 1.
Action start 15:52:40: UnpublishFeatures.
MSI (s) (1C:D8) [15:52:40:732]: Doing action: RemoveRegistryValues
MSI (s) (1C:D8) [15:52:40:732]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: UnpublishFeatures. Return value 1.
Action start 15:52:40: RemoveRegistryValues.
MSI (s) (1C:D8) [15:52:40:735]: Doing action: RemoveFiles
MSI (s) (1C:D8) [15:52:40:735]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: RemoveRegistryValues. Return value 1.
Action start 15:52:40: RemoveFiles.
MSI (s) (1C:D8) [15:52:40:737]: Doing action: InstallFiles
MSI (s) (1C:D8) [15:52:40:737]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: RemoveFiles. Return value 1.
Action start 15:52:40: InstallFiles.
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: Patch
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence`
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1302
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: MsiSFCBypass
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2228 2: 3: MsiSFCBypass 4: SELECT `File_` FROM `MsiSFCBypass` WHERE `File_` = ?
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ?
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (1C:D8) [15:52:40:749]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (1C:D8) [15:52:40:761]: Doing action: DuplicateFiles
MSI (s) (1C:D8) [15:52:40:761]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: InstallFiles. Return value 1.
Action start 15:52:40: DuplicateFiles.
MSI (s) (1C:D8) [15:52:40:762]: Doing action: GetBrowsers
MSI (s) (1C:D8) [15:52:40:762]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:40: DuplicateFiles. Return value 1.
MSI (s) (1C:08) [15:52:40:786]: Invoking remote custom action. DLL: C:\windows\Installer\MSIDE71.tmp, Entrypoint: ListRegisteredBrowsers
MSI (s) (1C:60) [15:52:40:802]: Generating random cookie.
MSI (s) (1C:60) [15:52:40:892]: Created Custom Action Server with PID 39000 (0x9858).
MSI (s) (1C:D4) [15:52:41:362]: Running as a service.
MSI (s) (1C:D4) [15:52:41:411]: Hello, I'm your 32bit Impersonated custom action server.
Action start 15:52:40: GetBrowsers.
ListRegisteredBrowsers: Initialized.
ListRegisteredBrowsers: In GetRegisteredBrowsers.
ListRegisteredBrowsers: In Is64BitOS, getting ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, bIs64Bit = 1.
ListRegisteredBrowsers: In GetRegisteredBrowsers, opened registry key.
ListRegisteredBrowsers: In GetRegisteredBrowsers, queried registry key.
ListRegisteredBrowsers: In GetRegisteredBrowsers, enumerated registry subkeys.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = FIREFOX.EXE.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = FIREFOX.EXE.
ListRegisteredBrowsers: In GetFirefoxPath
ListRegisteredBrowsers: In Is64BitOS, getting ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, bIs64Bit = 1.
ListRegisteredBrowsers: In GetFirefoxPath, Is 64BitOS
ListRegisteredBrowsers: In GetFirefoxPath, opened registry key
ListRegisteredBrowsers: In GetFirefoxPath, called RegQueryValueEx
ListRegisteredBrowsers: In GetFirefoxPath, exeName = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
ListRegisteredBrowsers: In GetFirefoxPath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
ListRegisteredBrowsers: In GetFirefoxPath, calling StripExtraApostrophes
ListRegisteredBrowsers: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
ListRegisteredBrowsers: In StripExtraApostrophes, filename = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
ListRegisteredBrowsers: In GetFirefoxPath, stripped extra apostrophes, FirefoxPath = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, firefox path found.
ListRegisteredBrowsers: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
ListRegisteredBrowsers: In FileExists: filename = 42470008
ListRegisteredBrowsers: In DoubleEscape, string length = 50
ListRegisteredBrowsers: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
ListRegisteredBrowsers: In FileExists, returning true
MSI (s) (1C!C8) [15:52:41:493]: PROPERTY CHANGE: Adding FFENABLED property. Its value is 'TRUE'.
ListRegisteredBrowsers: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Mozilla Firefox\firefox.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, firefox file found.
ListRegisteredBrowsers: In GetRegisteredBrowsers, file exists.
ListRegisteredBrowsers: In GetRegisteredBrowsers, enumerated registry subkeys.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = Google Chrome.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = Google Chrome.
ListRegisteredBrowsers: In GetChromePath
ListRegisteredBrowsers: In Is64BitOS, getting ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, bIs64Bit = 1.
ListRegisteredBrowsers: In GetChromePath, Is 64BitOS
ListRegisteredBrowsers: In GetChromePath, opened registry key
ListRegisteredBrowsers: In GetChromePath, called RegQueryValueEx
ListRegisteredBrowsers: In GetChromePath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
ListRegisteredBrowsers: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
ListRegisteredBrowsers: In StripExtraApostrophes, filename = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ListRegisteredBrowsers: In GetChromePath, stripped extra chars, ChromePath = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, Chrome path found.
ListRegisteredBrowsers: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ListRegisteredBrowsers: In FileExists: filename = 42470192
ListRegisteredBrowsers: In DoubleEscape, string length = 59
ListRegisteredBrowsers: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
ListRegisteredBrowsers: In FileExists, returning true
MSI (s) (1C!C8) [15:52:41:502]: PROPERTY CHANGE: Adding CHROMEENABLED property. Its value is 'TRUE'.
ListRegisteredBrowsers: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, chrome file found.
ListRegisteredBrowsers: In GetRegisteredBrowsers, file exists.
ListRegisteredBrowsers: In GetRegisteredBrowsers, enumerated registry subkeys.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = IEXPLORE.EXE.
ListRegisteredBrowsers: In GetRegisteredBrowsers, filename = IEXPLORE.EXE.
ListRegisteredBrowsers: In GetIEPath
ListRegisteredBrowsers: In Is64BitOS, getting ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
ListRegisteredBrowsers: In Is64BitOS, bIs64Bit = 1.
ListRegisteredBrowsers: In GetIEPath, Is 64BitOS
ListRegisteredBrowsers: In GetIEPath, opened registry key
ListRegisteredBrowsers: In GetIEPath, called RegQueryValueEx
ListRegisteredBrowsers: In GetIEPath, called ConvertCharOrByteArrayToString, retString = C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In GetIEPath, stripped extra chars, IEPath = C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, Internet Explorer path found.
ListRegisteredBrowsers: C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In FileExists: filename = 42470328
ListRegisteredBrowsers: In DoubleEscape, string length = 53
ListRegisteredBrowsers: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
ListRegisteredBrowsers: In FileExists, returning true
MSI (s) (1C!C8) [15:52:41:511]: PROPERTY CHANGE: Adding IEENABLED property. Its value is 'TRUE'.
ListRegisteredBrowsers: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Internet Explorer\iexplore.exe
ListRegisteredBrowsers: In GetRegisteredBrowsers, IE file found.
ListRegisteredBrowsers: In GetRegisteredBrowsers, file exists.
ListRegisteredBrowsers: In GetRegisteredBrowsers, retrieved browser paths and checked for existence.
ListRegisteredBrowsers: Completed GetRegisteredBrowsers.
ListRegisteredBrowsers: Called GetRegisteredBrowsers.
MSI (s) (1C:D8) [15:52:41:514]: Doing action: SetParamsInstall
MSI (s) (1C:D8) [15:52:41:514]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: GetBrowsers. Return value 1.
MSI (s) (1C:D8) [15:52:41:515]: PROPERTY CHANGE: Adding CustomActionInstall property. Its value is 'SourceGUID:2594 VMFlag: UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 FFEnabled:TRUE IEEnabled:TRUE ChromeEnabled:TRUE Options:01110010000000000000000000000000'.
Action start 15:52:41: SetParamsInstall.
MSI (s) (1C:D8) [15:52:41:515]: Doing action: CustomActionInstall
MSI (s) (1C:D8) [15:52:41:515]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: SetParamsInstall. Return value 1.
Action start 15:52:41: CustomActionInstall.
MSI (s) (1C:D8) [15:52:41:521]: Skipping action: SetParamsUninstall (condition is false)
MSI (s) (1C:D8) [15:52:41:521]: Skipping action: CustomActionUninstall (condition is false)
MSI (s) (1C:D8) [15:52:41:521]: Doing action: SetParamsJson
MSI (s) (1C:D8) [15:52:41:521]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: CustomActionInstall. Return value 1.
MSI (s) (1C:D8) [15:52:41:521]: PROPERTY CHANGE: Adding SendJson property. Its value is 'UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 SourceGUID:2594 AdminPrivileges:1'.
Action start 15:52:41: SetParamsJson.
MSI (s) (1C:D8) [15:52:41:522]: Doing action: SendJson
MSI (s) (1C:D8) [15:52:41:522]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: SetParamsJson. Return value 1.
Action start 15:52:41: SendJson.
MSI (s) (1C:D8) [15:52:41:526]: Doing action: WriteRegistryValues
MSI (s) (1C:D8) [15:52:41:526]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: SendJson. Return value 1.
Action start 15:52:41: WriteRegistryValues.
MSI (s) (1C:D8) [15:52:41:533]: Doing action: RegisterUser
MSI (s) (1C:D8) [15:52:41:533]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: WriteRegistryValues. Return value 1.
Action start 15:52:41: RegisterUser.
MSI (s) (1C:D8) [15:52:41:534]: Doing action: RegisterProduct
MSI (s) (1C:D8) [15:52:41:534]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: RegisterUser. Return value 1.
MSI (s) (1C:D8) [15:52:41:536]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:41:536]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1302
Action start 15:52:41: RegisterProduct.
MSI (s) (1C:D8) [15:52:41:537]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (1C:D8) [15:52:41:537]: Doing action: PublishFeatures
MSI (s) (1C:D8) [15:52:41:537]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: RegisterProduct. Return value 1.
Action start 15:52:41: PublishFeatures.
MSI (s) (1C:D8) [15:52:41:540]: Doing action: PublishProduct
MSI (s) (1C:D8) [15:52:41:540]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: PublishFeatures. Return value 1.
Action start 15:52:41: PublishProduct.
MSI (s) (1C:D8) [15:52:41:552]: Doing action: InstallFinalize
MSI (s) (1C:D8) [15:52:41:552]: Note: 1: 2205 2: 3: ActionText
Action ended 15:52:41: PublishProduct. Return value 1.
MSI (s) (1C:D8) [15:52:41:552]: Running Script: C:\windows\Installer\MSIDE41.tmp
MSI (s) (1C:D8) [15:52:41:552]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'.
MSI (s) (1C:D8) [15:52:41:554]: Machine policy value 'DisableRollback' is 0
MSI (s) (1C:D8) [15:52:41:638]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (1C:D8) [15:52:41:640]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1132560021,LangId=1033,Platform=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
Action start 15:52:41: InstallFinalize.
MSI (s) (1C:D8) [15:52:41:640]: Executing op: ProductInfo(ProductKey={9B65F9A3-9D24-452A-B6EF-1457D65E4259},ProductName=ScorpionSaver,PackageName=ScorpionSaver.msi,Language=1033,Version=16777216,Assignment=1,ObsoleteArg=0,ProductIcon=icon64.ico,,PackageCode={A5122D60-0F73-4E51-B932-09546C8362F3},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)
MSI (s) (1C:D8) [15:52:41:641]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (1C:D8) [15:52:41:641]: Executing op: DialogInfo(Type=1,Argument=ScorpionSaver)
MSI (s) (1C:D8) [15:52:41:642]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
MSI (s) (1C:D8) [15:52:41:642]: Executing op: SetBaseline(Baseline=0,)
MSI (s) (1C:D8) [15:52:41:642]: Executing op: SetBaseline(Baseline=1,)
MSI (s) (1C:D8) [15:52:41:642]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)
MSI (s) (1C:D8) [15:52:41:642]: Executing op: ProgressTotal(Total=14,Type=1,ByteEquivalent=24000)
MSI (s) (1C:D8) [15:52:41:643]: Executing op: ComponentRegister(ComponentId={0B31B7B7-7A73-4A2C-A23C-3EAE1FD41770},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:647]: Executing op: ComponentRegister(ComponentId={8433A517-B029-4356-9600-7695B46BF906},KeyPath=c:\Program Files (x86)\ScorpionSaver\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:649]: Executing op: ComponentRegister(ComponentId={548EFF05-555C-4E6A-ABBD-C77B1A54FBBE},KeyPath=c:\Program Files (x86)\ScorpionSaver\SendJson.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:656]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\ScorpionSaver\SendJson.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).
MSI (s) (1C:D8) [15:52:41:681]: Executing op: ComponentRegister(ComponentId={5C4AE273-5CEE-4611-9813-5304304474B1},KeyPath=01:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\2594,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:689]: Executing op: ComponentRegister(ComponentId={F5C148D8-13CE-4261-BC88-4DD93B88F47A},KeyPath=c:\Program Files (x86)\ScorpionSaver\IECore.dll,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:690]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\ScorpionSaver\IECore.dll' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).
MSI (s) (1C:D8) [15:52:41:690]: Executing op: ComponentRegister(ComponentId={498B1958-C1E8-40A4-9F50-503BDCEE5855},KeyPath=c:\Program Files (x86)\ScorpionSaver\CustomActionInstall,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:691]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\ScorpionSaver\CustomActionInstall' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).
MSI (s) (1C:D8) [15:52:41:692]: Executing op: ComponentRegister(ComponentId={35CA91C1-0982-4089-B560-0BDDD173BCBA},KeyPath=c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:693]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).
MSI (s) (1C:D8) [15:52:41:693]: Executing op: ComponentRegister(ComponentId={1F1AEE32-7A50-454F-9479-D4B9597ECA98},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:707]: Executing op: ComponentRegister(ComponentId={69728962-FA8A-421D-B659-0E20569AB59F},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:708]: Executing op: ComponentRegister(ComponentId={BD0F553F-E2A7-41A3-8B7E-5A86BF2A9573},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:710]: Executing op: ComponentRegister(ComponentId={2D9E9D32-E4B1-4E77-B1F9-05DD222FE402},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:711]: Executing op: ComponentRegister(ComponentId={D0D29D24-FA57-47FE-92E7-3078C6D8D933},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:712]: Executing op: ComponentRegister(ComponentId={3FB647DA-3B3B-48DF-908B-6640AB5889A2},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:714]: Executing op: ComponentRegister(ComponentId={492B50D7-C9E2-408C-993F-796F11D4BF53},KeyPath=01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)
MSI (s) (1C:D8) [15:52:41:715]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])
MSI (s) (1C:D8) [15:52:41:715]: Executing op: ProgressTotal(Total=3074167,Type=0,ByteEquivalent=1)
MSI (s) (1C:D8) [15:52:41:715]: Executing op: SetTargetFolder(Folder=c:\Program Files (x86)\ScorpionSaver\)
MSI (s) (1C:D8) [15:52:41:716]: Executing op: SetSourceFolder(Folder=1\)
MSI (s) (1C:D8) [15:52:41:716]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=cab1.cab,BytesPerTick=65536,CopierType=2,ModuleFileName=c:\windows\Installer\35ecf12.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (1C:D8) [15:52:41:716]: Executing op: FileCopy(SourceName=qptwvo4w.js|bootstrap.js,SourceCabKey=bootstrap.js,DestName=bootstrap.js,Attributes=512,FileSize=785,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1801788448,HashPart2=754767944,HashPart3=138751016,HashPart4=-1742177758,,)
MSI (s) (1C:D8) [15:52:41:743]: File: c:\Program Files (x86)\ScorpionSaver\bootstrap.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:744]: Source for file 'bootstrap.js' is compressed
MSI (s) (1C:D8) [15:52:41:758]: Executing op: FileCopy(SourceName=mxtxdgod.old|bootstrap.js.old,SourceCabKey=bootstrap.js.old,DestName=bootstrap.js.old,Attributes=512,FileSize=705,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1912754502,HashPart2=-2034729674,HashPart3=1986408764,HashPart4=1618839821,,)
MSI (s) (1C:D8) [15:52:41:758]: File: c:\Program Files (x86)\ScorpionSaver\bootstrap.js.old; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:758]: Source for file 'bootstrap.js.old' is compressed
MSI (s) (1C:D8) [15:52:41:761]: Executing op: FileCopy(SourceName=8wsvgm2z.js|background.js,SourceCabKey=chromebackground.js,DestName=background.js,Attributes=512,FileSize=3943,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1199374625,HashPart2=946599617,HashPart3=1485913324,HashPart4=-600817969,,)
MSI (s) (1C:D8) [15:52:41:762]: File: c:\Program Files (x86)\ScorpionSaver\background.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:762]: Source for file 'chromebackground.js' is compressed
MSI (s) (1C:D8) [15:52:41:768]: Executing op: FileCopy(SourceName=_vagkn0p|CustomActionInstall,SourceCabKey=CustomActionInstall,DestName=CustomActionInstall,Attributes=512,FileSize=743944,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1742879736,HashPart2=441019389,HashPart3=-1310708987,HashPart4=-1052002543,,)
MSI (s) (1C:D8) [15:52:41:768]: File: c:\Program Files (x86)\ScorpionSaver\CustomActionInstall; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:768]: Source for file 'CustomActionInstall' is compressed
MSI (s) (1C:D8) [15:52:41:814]: Executing op: FileCopy(SourceName=v1r51pgm|CustomActionUninstall,SourceCabKey=CustomActionUninstall,DestName=CustomActionUninstall,Attributes=512,FileSize=685576,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=919298364,HashPart2=-736375856,HashPart3=-714012716,HashPart4=1406137453,,)
MSI (s) (1C:D8) [15:52:41:815]: File: c:\Program Files (x86)\ScorpionSaver\CustomActionUninstall; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:815]: Source for file 'CustomActionUninstall' is compressed
MSI (s) (1C:D8) [15:52:41:862]: Executing op: FileCopy(SourceName=fqsd7jr9.js|ff_addon_runner.js,SourceCabKey=ff_addon_runner.js,DestName=ff_addon_runner.js,Attributes=512,FileSize=4931,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1350003814,HashPart2=-161944819,HashPart3=1270624866,HashPart4=-333340548,,)
MSI (s) (1C:D8) [15:52:41:863]: File: c:\Program Files (x86)\ScorpionSaver\ff_addon_runner.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:863]: Source for file 'ff_addon_runner.js' is compressed
MSI (s) (1C:D8) [15:52:41:866]: Executing op: FileCopy(SourceName=3-fb7qwe.js|ff_addonkit_page-mod.js,SourceCabKey=ff_addonkit_pagemod.js,DestName=ff_addonkit_page-mod.js,Attributes=512,FileSize=12993,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=883860745,HashPart2=-602934867,HashPart3=1799567804,HashPart4=-541831337,,)
MSI (s) (1C:D8) [15:52:41:866]: File: c:\Program Files (x86)\ScorpionSaver\ff_addonkit_page-mod.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:866]: Source for file 'ff_addonkit_pagemod.js' is compressed
MSI (s) (1C:D8) [15:52:41:870]: Executing op: FileCopy(SourceName=nama2kz8.js|ff_addonkit_private-browsing.js,SourceCabKey=ff_addonkit_privatebrowsing.js,DestName=ff_addonkit_private-browsing.js,Attributes=512,FileSize=1393,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1152710605,HashPart2=1565800409,HashPart3=297624955,HashPart4=-2076665396,,)
MSI (s) (1C:D8) [15:52:41:870]: File: c:\Program Files (x86)\ScorpionSaver\ff_addonkit_private-browsing.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:870]: Source for file 'ff_addonkit_privatebrowsing.js' is compressed
MSI (s) (1C:D8) [15:52:41:873]: Executing op: FileCopy(SourceName=yczi23kx.js|ff_addonkit_request.js,SourceCabKey=ff_addonkit_request.js,DestName=ff_addonkit_request.js,Attributes=512,FileSize=7043,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-297691359,HashPart2=89862601,HashPart3=-114588686,HashPart4=-1450983065,,)
MSI (s) (1C:D8) [15:52:41:873]: File: c:\Program Files (x86)\ScorpionSaver\ff_addonkit_request.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:873]: Source for file 'ff_addonkit_request.js' is compressed
MSI (s) (1C:D8) [15:52:41:877]: Executing op: FileCopy(SourceName=ofkhuusb.js|ff_addonkit_windows.js,SourceCabKey=ff_addonkit_windows.js,DestName=ff_addonkit_windows.js,Attributes=512,FileSize=8543,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1508363051,HashPart2=-1147328341,HashPart3=-82232759,HashPart4=-793687781,,)
MSI (s) (1C:D8) [15:52:41:877]: File: c:\Program Files (x86)\ScorpionSaver\ff_addonkit_windows.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:877]: Source for file 'ff_addonkit_windows.js' is compressed
MSI (s) (1C:D8) [15:52:41:880]: Executing op: FileCopy(SourceName=u-zqgmb2.js|ff_base_api-utils.js,SourceCabKey=ff_base_apiutils.js,DestName=ff_base_api-utils.js,Attributes=512,FileSize=5985,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-707659028,HashPart2=-1819343566,HashPart3=1837791572,HashPart4=1381418845,,)
MSI (s) (1C:D8) [15:52:41:880]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_api-utils.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:880]: Source for file 'ff_base_apiutils.js' is compressed
MSI (s) (1C:D8) [15:52:41:883]: Executing op: FileCopy(SourceName=llrj7shm.js|ff_base_base64.js,SourceCabKey=ff_base_base64.js,DestName=ff_base_base64.js,Attributes=512,FileSize=1102,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1027132917,HashPart2=433902698,HashPart3=1451181622,HashPart4=-1061279128,,)
MSI (s) (1C:D8) [15:52:41:884]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_base64.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:884]: Source for file 'ff_base_base64.js' is compressed
MSI (s) (1C:D8) [15:52:41:886]: Executing op: FileCopy(SourceName=ey2keouk.js|ff_base_byte-streams.js,SourceCabKey=ff_base_bytestreams.js,DestName=ff_base_byte-streams.js,Attributes=512,FileSize=2929,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1397104542,HashPart2=1192379877,HashPart3=-698467104,HashPart4=1190481085,,)
MSI (s) (1C:D8) [15:52:41:887]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_byte-streams.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:887]: Source for file 'ff_base_bytestreams.js' is compressed
MSI (s) (1C:D8) [15:52:41:889]: Executing op: FileCopy(SourceName=u3dwdeuq.js|ff_base_collection.js,SourceCabKey=ff_base_collection.js,DestName=ff_base_collection.js,Attributes=512,FileSize=3427,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=477085000,HashPart2=-1987620141,HashPart3=512989169,HashPart4=107804815,,)
MSI (s) (1C:D8) [15:52:41:890]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_collection.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:890]: Source for file 'ff_base_collection.js' is compressed
MSI (s) (1C:D8) [15:52:41:892]: Executing op: FileCopy(SourceName=sj1z_bka.js|ff_base_content.js,SourceCabKey=ff_base_content.js,DestName=ff_base_content.js,Attributes=512,FileSize=566,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1661333291,HashPart2=-2064769034,HashPart3=74571336,HashPart4=462181860,,)
MSI (s) (1C:D8) [15:52:41:893]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_content.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:893]: Source for file 'ff_base_content.js' is compressed
MSI (s) (1C:D8) [15:52:41:896]: Executing op: FileCopy(SourceName=kp89bfeq.js|ff_base_cortex.js,SourceCabKey=ff_base_cortex.js,DestName=ff_base_cortex.js,Attributes=512,FileSize=4908,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-2040201911,HashPart2=-1087463635,HashPart3=766987962,HashPart4=1122950108,,)
MSI (s) (1C:D8) [15:52:41:897]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_cortex.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:897]: Source for file 'ff_base_cortex.js' is compressed
MSI (s) (1C:D8) [15:52:41:900]: Executing op: FileCopy(SourceName=e7d_rk4-.js|ff_base_cuddlefish.js,SourceCabKey=ff_base_cuddlefish.js,DestName=ff_base_cuddlefish.js,Attributes=512,FileSize=2670,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1406063151,HashPart2=810188985,HashPart3=-214159820,HashPart4=2047856205,,)
MSI (s) (1C:D8) [15:52:41:901]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_cuddlefish.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:901]: Source for file 'ff_base_cuddlefish.js' is compressed
MSI (s) (1C:D8) [15:52:41:904]: Executing op: FileCopy(SourceName=fpa8wxzn.js|ff_base_deprecate.js,SourceCabKey=ff_base_deprecate.js,DestName=ff_base_deprecate.js,Attributes=512,FileSize=827,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-322368621,HashPart2=-916832735,HashPart3=1348347356,HashPart4=493216433,,)
MSI (s) (1C:D8) [15:52:41:905]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_deprecate.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:905]: Source for file 'ff_base_deprecate.js' is compressed
MSI (s) (1C:D8) [15:52:41:909]: Executing op: FileCopy(SourceName=54_wuacj.js|ff_base_environment.js,SourceCabKey=ff_base_environment.js,DestName=ff_base_environment.js,Attributes=512,FileSize=2558,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-683166481,HashPart2=-1375107837,HashPart3=754030168,HashPart4=170974232,,)
MSI (s) (1C:D8) [15:52:41:909]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_environment.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:909]: Source for file 'ff_base_environment.js' is compressed
MSI (s) (1C:D8) [15:52:41:912]: Executing op: FileCopy(SourceName=fkr-ktgh.js|ff_base_errors.js,SourceCabKey=ff_base_errors.js,DestName=ff_base_errors.js,Attributes=512,FileSize=2089,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=422913570,HashPart2=1094039835,HashPart3=-1146493019,HashPart4=1848292775,,)
MSI (s) (1C:D8) [15:52:41:913]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_errors.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:913]: Source for file 'ff_base_errors.js' is compressed
MSI (s) (1C:D8) [15:52:41:916]: Executing op: FileCopy(SourceName=1noafklq.js|ff_base_events.js,SourceCabKey=ff_base_events.js,DestName=ff_base_events.js,Attributes=512,FileSize=6600,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1065498327,HashPart2=-699940309,HashPart3=2071170609,HashPart4=235445004,,)
MSI (s) (1C:D8) [15:52:41:917]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_events.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:917]: Source for file 'ff_base_events.js' is compressed
MSI (s) (1C:D8) [15:52:41:920]: Executing op: FileCopy(SourceName=rwgtf90u.js|ff_base_file.js,SourceCabKey=ff_base_file.js,DestName=ff_base_file.js,Attributes=512,FileSize=5375,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1735748717,HashPart2=453886431,HashPart3=-946118946,HashPart4=-412821731,,)
MSI (s) (1C:D8) [15:52:41:920]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_file.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:920]: Source for file 'ff_base_file.js' is compressed
MSI (s) (1C:D8) [15:52:41:923]: Executing op: FileCopy(SourceName=aviy6jnf.js|ff_base_functional.js,SourceCabKey=ff_base_functional.js,DestName=ff_base_functional.js,Attributes=512,FileSize=5394,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1969878232,HashPart2=268273797,HashPart3=980786541,HashPart4=-750483487,,)
MSI (s) (1C:D8) [15:52:41:924]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_functional.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:924]: Source for file 'ff_base_functional.js' is compressed
MSI (s) (1C:D8) [15:52:41:927]: Executing op: FileCopy(SourceName=gs1nrmuv.js|ff_base_globals.js,SourceCabKey=ff_base_globals.js,DestName=ff_base_globals.js,Attributes=512,FileSize=2022,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1036891416,HashPart2=-1146392038,HashPart3=-1153333734,HashPart4=1790794185,,)
MSI (s) (1C:D8) [15:52:41:927]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_globals.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:927]: Source for file 'ff_base_globals.js' is compressed
MSI (s) (1C:D8) [15:52:41:930]: Executing op: FileCopy(SourceName=38mbfwua.js|ff_base_heritage.js,SourceCabKey=ff_base_heritage.js,DestName=ff_base_heritage.js,Attributes=512,FileSize=5980,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=250665215,HashPart2=-1545909810,HashPart3=1791965619,HashPart4=2023345945,,)
MSI (s) (1C:D8) [15:52:41:930]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_heritage.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:930]: Source for file 'ff_base_heritage.js' is compressed
MSI (s) (1C:D8) [15:52:41:933]: Executing op: FileCopy(SourceName=zcyct5jl.js|ff_base_hidden-frame.js,SourceCabKey=ff_base_hiddenframe.js,DestName=ff_base_hidden-frame.js,Attributes=512,FileSize=6112,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1227930040,HashPart2=274082143,HashPart3=398092098,HashPart4=1179833345,,)
MSI (s) (1C:D8) [15:52:41:934]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_hidden-frame.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:934]: Source for file 'ff_base_hiddenframe.js' is compressed
MSI (s) (1C:D8) [15:52:41:937]: Executing op: FileCopy(SourceName=5rmrgvof.js|ff_base_light-traits.js,SourceCabKey=ff_base_lighttraits.js,DestName=ff_base_light-traits.js,Attributes=512,FileSize=23106,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1017360317,HashPart2=-1237487891,HashPart3=-902598800,HashPart4=1422736164,,)
MSI (s) (1C:D8) [15:52:41:937]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_light-traits.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:937]: Source for file 'ff_base_lighttraits.js' is compressed
MSI (s) (1C:D8) [15:52:41:943]: Executing op: FileCopy(SourceName=rmoviceq.js|ff_base_list.js,SourceCabKey=ff_base_list.js,DestName=ff_base_list.js,Attributes=512,FileSize=4005,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-792071509,HashPart2=1788843386,HashPart3=893467060,HashPart4=1719270732,,)
MSI (s) (1C:D8) [15:52:41:943]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_list.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:943]: Source for file 'ff_base_list.js' is compressed
MSI (s) (1C:D8) [15:52:41:947]: Executing op: FileCopy(SourceName=tjzs_oiv.js|ff_base_loader.js,SourceCabKey=ff_base_loader.js,DestName=ff_base_loader.js,Attributes=512,FileSize=15683,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1520795343,HashPart2=-1215858420,HashPart3=306384371,HashPart4=-1692705136,,)
MSI (s) (1C:D8) [15:52:41:947]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_loader.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:947]: Source for file 'ff_base_loader.js' is compressed
MSI (s) (1C:D8) [15:52:41:951]: Executing op: FileCopy(SourceName=f4v_2djh.js|ff_base_match-pattern.js,SourceCabKey=ff_base_matchpattern.js,DestName=ff_base_match-pattern.js,Attributes=512,FileSize=3784,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-226197591,HashPart2=1195499668,HashPart3=-406579244,HashPart4=-14692873,,)
MSI (s) (1C:D8) [15:52:41:952]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_match-pattern.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:952]: Source for file 'ff_base_matchpattern.js' is compressed
MSI (s) (1C:D8) [15:52:41:955]: Executing op: FileCopy(SourceName=pw9x5utw.js|ff_base_memory.js,SourceCabKey=ff_base_memory.js,DestName=ff_base_memory.js,Attributes=512,FileSize=3491,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-38657918,HashPart2=2137767097,HashPart3=-1746511253,HashPart4=-110466320,,)
MSI (s) (1C:D8) [15:52:41:956]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_memory.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:956]: Source for file 'ff_base_memory.js' is compressed
MSI (s) (1C:D8) [15:52:41:960]: Executing op: FileCopy(SourceName=fdu2oypw.js|ff_base_namespace.js,SourceCabKey=ff_base_namespace.js,DestName=ff_base_namespace.js,Attributes=512,FileSize=1548,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1310633565,HashPart2=605422930,HashPart3=247190219,HashPart4=-1208545960,,)
MSI (s) (1C:D8) [15:52:41:960]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_namespace.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:960]: Source for file 'ff_base_namespace.js' is compressed
MSI (s) (1C:D8) [15:52:41:964]: Executing op: FileCopy(SourceName=jh6gouah.js|ff_base_observer-service.js,SourceCabKey=ff_base_observerservice.js,DestName=ff_base_observer-service.js,Attributes=512,FileSize=4081,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1133423192,HashPart2=-2078478918,HashPart3=1706917474,HashPart4=959357215,,)
MSI (s) (1C:D8) [15:52:41:964]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_observer-service.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:964]: Source for file 'ff_base_observerservice.js' is compressed
MSI (s) (1C:D8) [15:52:41:969]: Executing op: FileCopy(SourceName=f-iwquul.js|ff_base_plain-text-console.js,SourceCabKey=ff_base_plaintextconsole.js,DestName=ff_base_plain-text-console.js,Attributes=512,FileSize=2456,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=556501460,HashPart2=2090292707,HashPart3=-1546789793,HashPart4=-225413379,,)
MSI (s) (1C:D8) [15:52:41:969]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_plain-text-console.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:969]: Source for file 'ff_base_plaintextconsole.js' is compressed
MSI (s) (1C:D8) [15:52:41:973]: Executing op: FileCopy(SourceName=mekpjt7-.js|ff_base_preferences-service.js,SourceCabKey=ff_base_preferencesservice.js,DestName=ff_base_preferences-service.js,Attributes=512,FileSize=5534,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=456844347,HashPart2=-1074194309,HashPart3=-1500001231,HashPart4=-1188332881,,)
MSI (s) (1C:D8) [15:52:41:973]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_preferences-service.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:973]: Source for file 'ff_base_preferencesservice.js' is compressed
MSI (s) (1C:D8) [15:52:41:985]: Executing op: FileCopy(SourceName=qiwghqjc.js|ff_base_promise.js,SourceCabKey=ff_base_promise.js,DestName=ff_base_promise.js,Attributes=512,FileSize=7710,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=778070876,HashPart2=-245174839,HashPart3=1782094506,HashPart4=-1307060594,,)
MSI (s) (1C:D8) [15:52:41:985]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_promise.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:41:985]: Source for file 'ff_base_promise.js' is compressed
MSI (s) (1C:D8) [15:52:42:002]: Executing op: FileCopy(SourceName=qzj9cwlr.js|ff_base_querystring.js,SourceCabKey=ff_base_querystring.js,DestName=ff_base_querystring.js,Attributes=512,FileSize=4018,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1600909424,HashPart2=-1351288825,HashPart3=-1800025052,HashPart4=447279310,,)
MSI (s) (1C:D8) [15:52:42:002]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_querystring.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:002]: Source for file 'ff_base_querystring.js' is compressed
MSI (s) (1C:D8) [15:52:42:006]: Executing op: FileCopy(SourceName=qvnslqwe.js|ff_base_runtime.js,SourceCabKey=ff_base_runtime.js,DestName=ff_base_runtime.js,Attributes=512,FileSize=636,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=23881790,HashPart2=-94032851,HashPart3=-1881796859,HashPart4=1990658962,,)
MSI (s) (1C:D8) [15:52:42:006]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_runtime.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:006]: Source for file 'ff_base_runtime.js' is compressed
MSI (s) (1C:D8) [15:52:42:010]: Executing op: FileCopy(SourceName=vj0fgjgw.js|ff_base_sandbox.js,SourceCabKey=ff_base_sandbox.js,DestName=ff_base_sandbox.js,Attributes=512,FileSize=1708,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1534931667,HashPart2=907941365,HashPart3=650038333,HashPart4=474485676,,)
MSI (s) (1C:D8) [15:52:42:010]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_sandbox.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:010]: Source for file 'ff_base_sandbox.js' is compressed
MSI (s) (1C:D8) [15:52:42:014]: Executing op: FileCopy(SourceName=wld8k640.js|ff_base_self.js,SourceCabKey=ff_base_self.js,DestName=ff_base_self.js,Attributes=512,FileSize=1508,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1834385886,HashPart2=22064017,HashPart3=-1549924696,HashPart4=1894126801,,)
MSI (s) (1C:D8) [15:52:42:014]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_self.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:014]: Source for file 'ff_base_self.js' is compressed
MSI (s) (1C:D8) [15:52:42:017]: Executing op: FileCopy(SourceName=dzvbxxlx.js|ff_base_system.js,SourceCabKey=ff_base_system.js,DestName=ff_base_system.js,Attributes=512,FileSize=4825,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-533134232,HashPart2=13536599,HashPart3=-392610325,HashPart4=296744029,,)
MSI (s) (1C:D8) [15:52:42:018]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_system.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:018]: Source for file 'ff_base_system.js' is compressed
MSI (s) (1C:D8) [15:52:42:021]: Executing op: FileCopy(SourceName=9a6y65dg.js|ff_base_text-streams.js,SourceCabKey=ff_base_textstreams.js,DestName=ff_base_text-streams.js,Attributes=512,FileSize=8277,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-216496531,HashPart2=-1352632755,HashPart3=-591922922,HashPart4=911098776,,)
MSI (s) (1C:D8) [15:52:42:021]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_text-streams.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:021]: Source for file 'ff_base_textstreams.js' is compressed
MSI (s) (1C:D8) [15:52:42:025]: Executing op: FileCopy(SourceName=bw7y8-iv.js|ff_base_timer.js,SourceCabKey=ff_base_timer.js,DestName=ff_base_timer.js,Attributes=512,FileSize=1495,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-101000780,HashPart2=-1100381007,HashPart3=-415770927,HashPart4=-1215888511,,)
MSI (s) (1C:D8) [15:52:42:026]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_timer.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:026]: Source for file 'ff_base_timer.js' is compressed
MSI (s) (1C:D8) [15:52:42:029]: Executing op: FileCopy(SourceName=hstlbioa.js|ff_base_traceback.js,SourceCabKey=ff_base_traceback.js,DestName=ff_base_traceback.js,Attributes=512,FileSize=4034,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=52539111,HashPart2=2129161886,HashPart3=-682999998,HashPart4=-269651370,,)
MSI (s) (1C:D8) [15:52:42:029]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_traceback.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:029]: Source for file 'ff_base_traceback.js' is compressed
MSI (s) (1C:D8) [15:52:42:032]: Executing op: FileCopy(SourceName=tqvwbm5b.js|ff_base_traits.js,SourceCabKey=ff_base_traits.js,DestName=ff_base_traits.js,Attributes=512,FileSize=6292,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1836090366,HashPart2=952112427,HashPart3=331837265,HashPart4=-1331030797,,)
MSI (s) (1C:D8) [15:52:42:032]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_traits.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:032]: Source for file 'ff_base_traits.js' is compressed
MSI (s) (1C:D8) [15:52:42:035]: Executing op: FileCopy(SourceName=eetpmyzo.js|ff_base_unload.js,SourceCabKey=ff_base_unload.js,DestName=ff_base_unload.js,Attributes=512,FileSize=2304,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-364165376,HashPart2=1346334729,HashPart3=49550309,HashPart4=-854455479,,)
MSI (s) (1C:D8) [15:52:42:035]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_unload.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:035]: Source for file 'ff_base_unload.js' is compressed
MSI (s) (1C:D8) [15:52:42:038]: Executing op: FileCopy(SourceName=q3o1t2fn.js|ff_base_url.js,SourceCabKey=ff_base_url.js,DestName=ff_base_url.js,Attributes=512,FileSize=6353,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=112011760,HashPart2=-1241774975,HashPart3=-2137319100,HashPart4=-780785665,,)
MSI (s) (1C:D8) [15:52:42:038]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_url.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:038]: Source for file 'ff_base_url.js' is compressed
MSI (s) (1C:D8) [15:52:42:042]: Executing op: FileCopy(SourceName=j7irzaxp.js|ff_base_uuid.js,SourceCabKey=ff_base_uuid.js,DestName=ff_base_uuid.js,Attributes=512,FileSize=662,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1403528827,HashPart2=-1956440267,HashPart3=1682557724,HashPart4=848765358,,)
MSI (s) (1C:D8) [15:52:42:042]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_uuid.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:042]: Source for file 'ff_base_uuid.js' is compressed
MSI (s) (1C:D8) [15:52:42:045]: Executing op: FileCopy(SourceName=hzun1goe.js|ff_base_window-utils.js,SourceCabKey=ff_base_windowutils.js,DestName=ff_base_window-utils.js,Attributes=512,FileSize=6171,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=830187611,HashPart2=-241977704,HashPart3=-1103026916,HashPart4=807967056,,)
MSI (s) (1C:D8) [15:52:42:045]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_window-utils.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:045]: Source for file 'ff_base_windowutils.js' is compressed
MSI (s) (1C:D8) [15:52:42:049]: Executing op: FileCopy(SourceName=p5axqd-0.js|ff_base_xhr.js,SourceCabKey=ff_base_xhr.js,DestName=ff_base_xhr.js,Attributes=512,FileSize=5108,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-2109004806,HashPart2=-2098760343,HashPart3=-1494247929,HashPart4=-1072491031,,)
MSI (s) (1C:D8) [15:52:42:049]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_xhr.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:049]: Source for file 'ff_base_xhr.js' is compressed
MSI (s) (1C:D8) [15:52:42:052]: Executing op: FileCopy(SourceName=kxnyxytz.js|ff_base_xpcom.js,SourceCabKey=ff_base_xpcom.js,DestName=ff_base_xpcom.js,Attributes=512,FileSize=8954,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1924279091,HashPart2=1543411754,HashPart3=-1014138249,HashPart4=-720392500,,)
MSI (s) (1C:D8) [15:52:42:052]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_xpcom.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:052]: Source for file 'ff_base_xpcom.js' is compressed
MSI (s) (1C:D8) [15:52:42:056]: Executing op: FileCopy(SourceName=crlghlvu.js|ff_base_xul-app.js,SourceCabKey=ff_base_xulapp.js,DestName=ff_base_xul-app.js,Attributes=512,FileSize=2437,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-65934538,HashPart2=89776365,HashPart3=970974247,HashPart4=1169539084,,)
MSI (s) (1C:D8) [15:52:42:056]: File: c:\Program Files (x86)\ScorpionSaver\ff_base_xul-app.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:056]: Source for file 'ff_base_xulapp.js' is compressed
MSI (s) (1C:D8) [15:52:42:060]: Executing op: FileCopy(SourceName=lyyqxwg3.js|ff_bootstrap.js,SourceCabKey=ff_bootstrap.js,DestName=ff_bootstrap.js,Attributes=512,FileSize=9295,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-2015397450,HashPart2=-1005117999,HashPart3=-1821280262,HashPart4=-1561690606,,)
MSI (s) (1C:D8) [15:52:42:061]: File: c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:061]: Source for file 'ff_bootstrap.js' is compressed
MSI (s) (1C:D8) [15:52:42:065]: Executing op: FileCopy(SourceName=euvowbhc.js|ff_content_content-proxy.js,SourceCabKey=ff_content_contentproxy.js,DestName=ff_content_content-proxy.js,Attributes=512,FileSize=30630,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1800150227,HashPart2=2010480943,HashPart3=-1270848403,HashPart4=1743205242,,)
MSI (s) (1C:D8) [15:52:42:065]: File: c:\Program Files (x86)\ScorpionSaver\ff_content_content-proxy.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:065]: Source for file 'ff_content_contentproxy.js' is compressed
MSI (s) (1C:D8) [15:52:42:071]: Executing op: FileCopy(SourceName=t7iosqfb.js|ff_content_content-worker.js,SourceCabKey=ff_content_contentworker.js,DestName=ff_content_content-worker.js,Attributes=512,FileSize=11263,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=643413824,HashPart2=499604227,HashPart3=-89823119,HashPart4=-841331149,,)
MSI (s) (1C:D8) [15:52:42:071]: File: c:\Program Files (x86)\ScorpionSaver\ff_content_content-worker.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:071]: Source for file 'ff_content_contentworker.js' is compressed
MSI (s) (1C:D8) [15:52:42:075]: Executing op: FileCopy(SourceName=zmg1bfgy.js|ff_content_loader.js,SourceCabKey=ff_content_loader.js,DestName=ff_content_loader.js,Attributes=512,FileSize=6597,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-275044088,HashPart2=594172990,HashPart3=2055543178,HashPart4=1047758583,,)
MSI (s) (1C:D8) [15:52:42:076]: File: c:\Program Files (x86)\ScorpionSaver\ff_content_loader.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:076]: Source for file 'ff_content_loader.js' is compressed
MSI (s) (1C:D8) [15:52:42:079]: Executing op: FileCopy(SourceName=i5ddjrer.js|ff_content_symbiont.js,SourceCabKey=ff_content_symbiont.js,DestName=ff_content_symbiont.js,Attributes=512,FileSize=6923,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1649897267,HashPart2=2004902274,HashPart3=787602574,HashPart4=1736312685,,)
MSI (s) (1C:D8) [15:52:42:080]: File: c:\Program Files (x86)\ScorpionSaver\ff_content_symbiont.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:080]: Source for file 'ff_content_symbiont.js' is compressed
MSI (s) (1C:D8) [15:52:42:083]: Executing op: FileCopy(SourceName=vggezw_s.js|ff_content_worker.js,SourceCabKey=ff_content_worker.js,DestName=ff_content_worker.js,Attributes=512,FileSize=20670,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1511403779,HashPart2=-1147310639,HashPart3=840078423,HashPart4=53450448,,)
MSI (s) (1C:D8) [15:52:42:084]: File: c:\Program Files (x86)\ScorpionSaver\ff_content_worker.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:084]: Source for file 'ff_content_worker.js' is compressed
MSI (s) (1C:D8) [15:52:42:088]: Executing op: FileCopy(SourceName=qb_lcnmw.js|ff_dom_events.js,SourceCabKey=ff_dom_events.js,DestName=ff_dom_events.js,Attributes=512,FileSize=6072,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-630192660,HashPart2=-983064950,HashPart3=-124197887,HashPart4=-1040141370,,)
MSI (s) (1C:D8) [15:52:42:088]: File: c:\Program Files (x86)\ScorpionSaver\ff_dom_events.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:089]: Source for file 'ff_dom_events.js' is compressed
MSI (s) (1C:D8) [15:52:42:092]: Executing op: FileCopy(SourceName=ltq5ovek.js|ff_event_core.js,SourceCabKey=ff_event_core.js,DestName=ff_event_core.js,Attributes=512,FileSize=5116,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1422479130,HashPart2=-108632931,HashPart3=1356762625,HashPart4=-1363911710,,)
MSI (s) (1C:D8) [15:52:42:092]: File: c:\Program Files (x86)\ScorpionSaver\ff_event_core.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:092]: Source for file 'ff_event_core.js' is compressed
MSI (s) (1C:D8) [15:52:42:095]: Executing op: FileCopy(SourceName=qhyypdwa.js|ff_event_target.js,SourceCabKey=ff_event_target.js,DestName=ff_event_target.js,Attributes=512,FileSize=2910,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1080312914,HashPart2=-338230572,HashPart3=1531917604,HashPart4=824419106,,)
MSI (s) (1C:D8) [15:52:42:095]: File: c:\Program Files (x86)\ScorpionSaver\ff_event_target.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:095]: Source for file 'ff_event_target.js' is compressed
MSI (s) (1C:D8) [15:52:42:112]: Executing op: FileCopy(SourceName=nleqkvyp.js|ff_events_assembler.js,SourceCabKey=ff_events_assembler.js,DestName=ff_events_assembler.js,Attributes=512,FileSize=1979,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-360817316,HashPart2=1709499628,HashPart3=-1682688271,HashPart4=-70058227,,)
MSI (s) (1C:D8) [15:52:42:112]: File: c:\Program Files (x86)\ScorpionSaver\ff_events_assembler.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:112]: Source for file 'ff_events_assembler.js' is compressed
MSI (s) (1C:D8) [15:52:42:116]: Executing op: FileCopy(SourceName=lcvt4bph.jso|ff_harness-options.json,SourceCabKey=ff_harnessoptions.json,DestName=ff_harness-options.json,Attributes=512,FileSize=42375,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-956030305,HashPart2=1727235858,HashPart3=1447952967,HashPart4=973858358,,)
MSI (s) (1C:D8) [15:52:42:116]: File: c:\Program Files (x86)\ScorpionSaver\ff_harness-options.json; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:116]: Source for file 'ff_harnessoptions.json' is compressed
MSI (s) (1C:D8) [15:52:42:120]: Executing op: FileCopy(SourceName=ff_icon.png,SourceCabKey=ff_icon.png,DestName=ff_icon.png,Attributes=512,FileSize=7661,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1028961819,HashPart2=-1261529403,HashPart3=172587596,HashPart4=-846895395,,)
MSI (s) (1C:D8) [15:52:42:121]: File: c:\Program Files (x86)\ScorpionSaver\ff_icon.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:121]: Source for file 'ff_icon.png' is compressed
MSI (s) (1C:D8) [15:52:42:125]: Executing op: FileCopy(SourceName=8rl5zltd.png|ff_icon64.png,SourceCabKey=ff_icon64.png,DestName=ff_icon64.png,Attributes=512,FileSize=7661,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1028961819,HashPart2=-1261529403,HashPart3=172587596,HashPart4=-846895395,,)
MSI (s) (1C:D8) [15:52:42:125]: File: c:\Program Files (x86)\ScorpionSaver\ff_icon64.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:125]: Source for file 'ff_icon64.png' is compressed
MSI (s) (1C:D8) [15:52:42:127]: Executing op: FileCopy(SourceName=j3pf67r-.rdf|ff_install.rdf,SourceCabKey=ff_install.rdf,DestName=ff_install.rdf,Attributes=512,FileSize=1220,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1216690864,HashPart2=-493448227,HashPart3=-2068839582,HashPart4=1038131310,,)
MSI (s) (1C:D8) [15:52:42:127]: File: c:\Program Files (x86)\ScorpionSaver\ff_install.rdf; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:127]: Source for file 'ff_install.rdf' is compressed
MSI (s) (1C:D8) [15:52:42:129]: Executing op: FileCopy(SourceName=-vmgo_9z.js|ff_l10n_core.js,SourceCabKey=ff_l10n_core.js,DestName=ff_l10n_core.js,Attributes=512,FileSize=1122,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=798111964,HashPart2=2047979461,HashPart3=2108869952,HashPart4=-1380742606,,)
MSI (s) (1C:D8) [15:52:42:129]: File: c:\Program Files (x86)\ScorpionSaver\ff_l10n_core.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:129]: Source for file 'ff_l10n_core.js' is compressed
MSI (s) (1C:D8) [15:52:42:132]: Executing op: FileCopy(SourceName=t_5o73ja.js|ff_l10n_html.js,SourceCabKey=ff_l10n_html.js,DestName=ff_l10n_html.js,Attributes=512,FileSize=2902,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=552705128,HashPart2=424691016,HashPart3=-491083601,HashPart4=1724090738,,)
MSI (s) (1C:D8) [15:52:42:132]: File: c:\Program Files (x86)\ScorpionSaver\ff_l10n_html.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:132]: Source for file 'ff_l10n_html.js' is compressed
MSI (s) (1C:D8) [15:52:42:136]: Executing op: FileCopy(SourceName=yxpxeo6_.js|ff_l10n_loader.js,SourceCabKey=ff_l10n_loader.js,DestName=ff_l10n_loader.js,Attributes=512,FileSize=3003,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-395430131,HashPart2=-1735365122,HashPart3=938830867,HashPart4=1009490401,,)
MSI (s) (1C:D8) [15:52:42:136]: File: c:\Program Files (x86)\ScorpionSaver\ff_l10n_loader.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:136]: Source for file 'ff_l10n_loader.js' is compressed
MSI (s) (1C:D8) [15:52:42:139]: Executing op: FileCopy(SourceName=urwhkjdo.js|ff_l10n_locale.js,SourceCabKey=ff_l10n_locale.js,DestName=ff_l10n_locale.js,Attributes=512,FileSize=4662,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1570410495,HashPart2=2026488823,HashPart3=-642233251,HashPart4=-54536299,,)
MSI (s) (1C:D8) [15:52:42:140]: File: c:\Program Files (x86)\ScorpionSaver\ff_l10n_locale.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:140]: Source for file 'ff_l10n_locale.js' is compressed
MSI (s) (1C:D8) [15:52:42:144]: Executing op: FileCopy(SourceName=43log48n.js|ff_l10n_prefs.js,SourceCabKey=ff_l10n_prefs.js,DestName=ff_l10n_prefs.js,Attributes=512,FileSize=1286,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-80028497,HashPart2=-872748808,HashPart3=-42590183,HashPart4=-964223024,,)
MSI (s) (1C:D8) [15:52:42:144]: File: c:\Program Files (x86)\ScorpionSaver\ff_l10n_prefs.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:144]: Source for file 'ff_l10n_prefs.js' is compressed
MSI (s) (1C:D8) [15:52:42:147]: Executing op: FileCopy(SourceName=4wwthjz0.jso|ff_locales.json,SourceCabKey=ff_locales.json,DestName=ff_locales.json,Attributes=512,FileSize=17,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=82858458,HashPart2=958956719,HashPart3=-576468482,HashPart4=-483045674,,)
MSI (s) (1C:D8) [15:52:42:148]: File: c:\Program Files (x86)\ScorpionSaver\ff_locales.json; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:148]: Source for file 'ff_locales.json' is compressed
MSI (s) (1C:D8) [15:52:42:151]: Executing op: FileCopy(SourceName=ff_main.js,SourceCabKey=ff_main.js,DestName=ff_main.js,Attributes=512,FileSize=4977,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1906505747,HashPart2=50983312,HashPart3=114584310,HashPart4=-817666723,,)
MSI (s) (1C:D8) [15:52:42:151]: File: c:\Program Files (x86)\ScorpionSaver\ff_main.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:151]: Source for file 'ff_main.js' is compressed
MSI (s) (1C:D8) [15:52:42:154]: Executing op: FileCopy(SourceName=ad3aj21-.old|ff_main.js.old,SourceCabKey=ff_main.js.old,DestName=ff_main.js.old,Attributes=512,FileSize=4982,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1798967591,HashPart2=1670058611,HashPart3=-1254426618,HashPart4=-1737187747,,)
MSI (s) (1C:D8) [15:52:42:155]: File: c:\Program Files (x86)\ScorpionSaver\ff_main.js.old; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:155]: Source for file 'ff_main.js.old' is compressed
MSI (s) (1C:D8) [15:52:42:156]: Executing op: FileCopy(SourceName=ff_prefs.js,SourceCabKey=ff_prefs.js,DestName=ff_prefs.js,Attributes=512,FileSize=0,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=0,HashPart2=0,HashPart3=0,HashPart4=0,,)
MSI (s) (1C:D8) [15:52:42:157]: File: c:\Program Files (x86)\ScorpionSaver\ff_prefs.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:157]: Source for file 'ff_prefs.js' is compressed
MSI (s) (1C:D8) [15:52:42:158]: Executing op: FileCopy(SourceName=k4t_r1pi.js|ff_privatebrowsing_utils.js,SourceCabKey=ff_privatebrowsing_utils.js,DestName=ff_privatebrowsing_utils.js,Attributes=512,FileSize=2731,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1598800911,HashPart2=781152107,HashPart3=-1085059069,HashPart4=-1605048366,,)
MSI (s) (1C:D8) [15:52:42:159]: File: c:\Program Files (x86)\ScorpionSaver\ff_privatebrowsing_utils.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:159]: Source for file 'ff_privatebrowsing_utils.js' is compressed
MSI (s) (1C:D8) [15:52:42:162]: Executing op: FileCopy(SourceName=dbyhegsi.js|ff_system_events.js,SourceCabKey=ff_system_events.js,DestName=ff_system_events.js,Attributes=512,FileSize=3724,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-428230867,HashPart2=-776152042,HashPart3=847745381,HashPart4=-136088894,,)
MSI (s) (1C:D8) [15:52:42:162]: File: c:\Program Files (x86)\ScorpionSaver\ff_system_events.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:162]: Source for file 'ff_system_events.js' is compressed
MSI (s) (1C:D8) [15:52:42:165]: Executing op: FileCopy(SourceName=utkdfwic.js|ff_tabs_events.js,SourceCabKey=ff_tabs_events.js,DestName=ff_tabs_events.js,Attributes=512,FileSize=742,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=444527278,HashPart2=-177288345,HashPart3=-891656105,HashPart4=-1279968233,,)
MSI (s) (1C:D8) [15:52:42:165]: File: c:\Program Files (x86)\ScorpionSaver\ff_tabs_events.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:165]: Source for file 'ff_tabs_events.js' is compressed
MSI (s) (1C:D8) [15:52:42:168]: Executing op: FileCopy(SourceName=uobbm94l.js|ff_tabs_observer.js,SourceCabKey=ff_tabs_observer.js,DestName=ff_tabs_observer.js,Attributes=512,FileSize=3718,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=894555955,HashPart2=-1098011533,HashPart3=1585422503,HashPart4=-948001142,,)
MSI (s) (1C:D8) [15:52:42:169]: File: c:\Program Files (x86)\ScorpionSaver\ff_tabs_observer.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:169]: Source for file 'ff_tabs_observer.js' is compressed
MSI (s) (1C:D8) [15:52:42:172]: Executing op: FileCopy(SourceName=jdf8bcfh.js|ff_tabs_tab.js,SourceCabKey=ff_tabs_tab.js,DestName=ff_tabs_tab.js,Attributes=512,FileSize=8011,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-8615032,HashPart2=1535631357,HashPart3=-1622234276,HashPart4=-1990537551,,)
MSI (s) (1C:D8) [15:52:42:172]: File: c:\Program Files (x86)\ScorpionSaver\ff_tabs_tab.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:172]: Source for file 'ff_tabs_tab.js' is compressed
MSI (s) (1C:D8) [15:52:42:176]: Executing op: FileCopy(SourceName=2ky3nafq.js|ff_tabs_utils.js,SourceCabKey=ff_tabs_utils.js,DestName=ff_tabs_utils.js,Attributes=512,FileSize=3409,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1140880555,HashPart2=-1318869531,HashPart3=1967363656,HashPart4=198346386,,)
MSI (s) (1C:D8) [15:52:42:176]: File: c:\Program Files (x86)\ScorpionSaver\ff_tabs_utils.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:176]: Source for file 'ff_tabs_utils.js' is compressed
MSI (s) (1C:D8) [15:52:42:179]: Executing op: FileCopy(SourceName=nz4fcn0n.js|ff_traits_core.js,SourceCabKey=ff_traits_core.js,DestName=ff_traits_core.js,Attributes=512,FileSize=10743,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1665453346,HashPart2=-2139750040,HashPart3=-2030628176,HashPart4=-1712519874,,)
MSI (s) (1C:D8) [15:52:42:179]: File: c:\Program Files (x86)\ScorpionSaver\ff_traits_core.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:180]: Source for file 'ff_traits_core.js' is compressed
MSI (s) (1C:D8) [15:52:42:184]: Executing op: FileCopy(SourceName=lmzdwzji.js|ff_utils_data.js,SourceCabKey=ff_utils_data.js,DestName=ff_utils_data.js,Attributes=512,FileSize=2645,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1730485583,HashPart2=-1865648435,HashPart3=1124626423,HashPart4=-2096561063,,)
MSI (s) (1C:D8) [15:52:42:184]: File: c:\Program Files (x86)\ScorpionSaver\ff_utils_data.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:184]: Source for file 'ff_utils_data.js' is compressed
MSI (s) (1C:D8) [15:52:42:187]: Executing op: FileCopy(SourceName=x_clszqz.js|ff_utils_object.js,SourceCabKey=ff_utils_object.js,DestName=ff_utils_object.js,Attributes=512,FileSize=1663,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-480416023,HashPart2=1413414383,HashPart3=2067260224,HashPart4=-500543042,,)
MSI (s) (1C:D8) [15:52:42:188]: File: c:\Program Files (x86)\ScorpionSaver\ff_utils_object.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:188]: Source for file 'ff_utils_object.js' is compressed
MSI (s) (1C:D8) [15:52:42:191]: Executing op: FileCopy(SourceName=ykryhnia.js|ff_utils_registry.js,SourceCabKey=ff_utils_registry.js,DestName=ff_utils_registry.js,Attributes=512,FileSize=1919,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1716792603,HashPart2=453513140,HashPart3=-1709479017,HashPart4=2098480990,,)
MSI (s) (1C:D8) [15:52:42:191]: File: c:\Program Files (x86)\ScorpionSaver\ff_utils_registry.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:191]: Source for file 'ff_utils_registry.js' is compressed
MSI (s) (1C:D8) [15:52:42:194]: Executing op: FileCopy(SourceName=bu0lswtr.js|ff_utils_thumbnail.js,SourceCabKey=ff_utils_thumbnail.js,DestName=ff_utils_thumbnail.js,Attributes=512,FileSize=1660,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1478465502,HashPart2=867794997,HashPart3=100262669,HashPart4=1947530628,,)
MSI (s) (1C:D8) [15:52:42:194]: File: c:\Program Files (x86)\ScorpionSaver\ff_utils_thumbnail.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:195]: Source for file 'ff_utils_thumbnail.js' is compressed
MSI (s) (1C:D8) [15:52:42:198]: Executing op: FileCopy(SourceName=tptkwbx8.js|ff_window_utils.js,SourceCabKey=ff_window_utils.js,DestName=ff_window_utils.js,Attributes=512,FileSize=5704,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1549022575,HashPart2=-1761251221,HashPart3=-521267706,HashPart4=-664871246,,)
MSI (s) (1C:D8) [15:52:42:198]: File: c:\Program Files (x86)\ScorpionSaver\ff_window_utils.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:198]: Source for file 'ff_window_utils.js' is compressed
MSI (s) (1C:D8) [15:52:42:201]: Executing op: FileCopy(SourceName=vhhtmrw7.js|ff_windows_dom.js,SourceCabKey=ff_windows_dom.js,DestName=ff_windows_dom.js,Attributes=512,FileSize=941,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1580469946,HashPart2=-1405758725,HashPart3=-75134505,HashPart4=180565606,,)
MSI (s) (1C:D8) [15:52:42:201]: File: c:\Program Files (x86)\ScorpionSaver\ff_windows_dom.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:201]: Source for file 'ff_windows_dom.js' is compressed
MSI (s) (1C:D8) [15:52:42:204]: Executing op: FileCopy(SourceName=0t6xfjhw.js|ff_windows_loader.js,SourceCabKey=ff_windows_loader.js,DestName=ff_windows_loader.js,Attributes=512,FileSize=4346,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=319529862,HashPart2=1593243653,HashPart3=-1900036315,HashPart4=-1585572100,,)
MSI (s) (1C:D8) [15:52:42:205]: File: c:\Program Files (x86)\ScorpionSaver\ff_windows_loader.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:205]: Source for file 'ff_windows_loader.js' is compressed
MSI (s) (1C:D8) [15:52:42:208]: Executing op: FileCopy(SourceName=turusgap.js|ff_windows_observer.js,SourceCabKey=ff_windows_observer.js,DestName=ff_windows_observer.js,Attributes=512,FileSize=1757,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1293771185,HashPart2=-876296447,HashPart3=79874953,HashPart4=1971559458,,)
MSI (s) (1C:D8) [15:52:42:208]: File: c:\Program Files (x86)\ScorpionSaver\ff_windows_observer.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:208]: Source for file 'ff_windows_observer.js' is compressed
MSI (s) (1C:D8) [15:52:42:213]: Executing op: FileCopy(SourceName=5vrohn6p.js|ff_windows_tabs.js,SourceCabKey=ff_windows_tabs.js,DestName=ff_windows_tabs.js,Attributes=512,FileSize=6872,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-896289187,HashPart2=-675513253,HashPart3=190837964,HashPart4=1399970721,,)
MSI (s) (1C:D8) [15:52:42:214]: File: c:\Program Files (x86)\ScorpionSaver\ff_windows_tabs.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:214]: Source for file 'ff_windows_tabs.js' is compressed
MSI (s) (1C:D8) [15:52:42:217]: Executing op: FileCopy(SourceName=icon128.png,SourceCabKey=icon128.png,DestName=icon128.png,Attributes=512,FileSize=16837,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=2115057586,HashPart2=133269868,HashPart3=210670133,HashPart4=-852912179,,)
MSI (s) (1C:D8) [15:52:42:217]: File: c:\Program Files (x86)\ScorpionSaver\icon128.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:218]: Source for file 'icon128.png' is compressed
MSI (s) (1C:D8) [15:52:42:220]: Executing op: FileCopy(SourceName=icon16.png,SourceCabKey=icon16.png,DestName=icon16.png,Attributes=512,FileSize=3388,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1577313478,HashPart2=-1355926979,HashPart3=-221881210,HashPart4=1313744799,,)
MSI (s) (1C:D8) [15:52:42:220]: File: c:\Program Files (x86)\ScorpionSaver\icon16.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:220]: Source for file 'icon16.png' is compressed
MSI (s) (1C:D8) [15:52:42:221]: Executing op: FileCopy(SourceName=icon32.png,SourceCabKey=icon32.png,DestName=icon32.png,Attributes=512,FileSize=4765,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1638966732,HashPart2=464742534,HashPart3=-1520629642,HashPart4=1586181244,,)
MSI (s) (1C:D8) [15:52:42:222]: File: c:\Program Files (x86)\ScorpionSaver\icon32.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:222]: Source for file 'icon32.png' is compressed
MSI (s) (1C:D8) [15:52:42:223]: Executing op: FileCopy(SourceName=icon48.png,SourceCabKey=icon48.png,DestName=icon48.png,Attributes=512,FileSize=6406,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=1581966188,HashPart2=-620162111,HashPart3=1986524793,HashPart4=-1457750254,,)
MSI (s) (1C:D8) [15:52:42:223]: File: c:\Program Files (x86)\ScorpionSaver\icon48.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:223]: Source for file 'icon48.png' is compressed
MSI (s) (1C:D8) [15:52:42:225]: Executing op: FileCopy(SourceName=icon64.png,SourceCabKey=icon64.png,DestName=icon64.png,Attributes=512,FileSize=7661,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1028961819,HashPart2=-1261529403,HashPart3=172587596,HashPart4=-846895395,,)
MSI (s) (1C:D8) [15:52:42:225]: File: c:\Program Files (x86)\ScorpionSaver\icon64.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:225]: Source for file 'icon64.png' is compressed
MSI (s) (1C:D8) [15:52:42:227]: Executing op: FileCopy(SourceName=icon8.png,SourceCabKey=icon8.png,DestName=icon8.png,Attributes=512,FileSize=3023,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-21759877,HashPart2=-920018226,HashPart3=-467096166,HashPart4=2037918590,,)
MSI (s) (1C:D8) [15:52:42:228]: File: c:\Program Files (x86)\ScorpionSaver\icon8.png; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:228]: Source for file 'icon8.png' is compressed
MSI (s) (1C:D8) [15:52:42:229]: Executing op: FileCopy(SourceName=IECore.dll,SourceCabKey=IECore.dll,DestName=IECore.dll,Attributes=512,FileSize=87560,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=2051983510,HashPart2=1656176687,HashPart3=-1968813634,HashPart4=969607923,,)
MSI (s) (1C:D8) [15:52:42:230]: File: c:\Program Files (x86)\ScorpionSaver\IECore.dll; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:230]: Source for file 'IECore.dll' is compressed
MSI (s) (1C:D8) [15:52:42:244]: Executing op: FileCopy(SourceName=jmqdfyrj.jso|manifest.json,SourceCabKey=manifest.json,DestName=manifest.json,Attributes=512,FileSize=1273,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1893363490,HashPart2=-1389868375,HashPart3=-2061356825,HashPart4=1583403325,,)
MSI (s) (1C:D8) [15:52:42:244]: File: c:\Program Files (x86)\ScorpionSaver\manifest.json; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:244]: Source for file 'manifest.json' is compressed
MSI (s) (1C:D8) [15:52:42:247]: Executing op: FileCopy(SourceName=3iioeqgh.js|marcopolo.js,SourceCabKey=marcopolo.js,DestName=marcopolo.js,Attributes=512,FileSize=607,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1150160956,HashPart2=-879076789,HashPart3=942927881,HashPart4=-1817786394,,)
MSI (s) (1C:D8) [15:52:42:248]: File: c:\Program Files (x86)\ScorpionSaver\marcopolo.js; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:248]: Source for file 'marcopolo.js' is compressed
MSI (s) (1C:D8) [15:52:42:250]: Executing op: FileCopy(SourceName=SendJson.dll,SourceCabKey=SendJson,DestName=SendJson.dll,Attributes=512,FileSize=368128,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-59094699,HashPart2=1004813978,HashPart3=595056615,HashPart4=1575835997,,)
MSI (s) (1C:D8) [15:52:42:251]: File: c:\Program Files (x86)\ScorpionSaver\SendJson.dll; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:251]: Source for file 'SendJson' is compressed
MSI (s) (1C:D8) [15:52:42:276]: Executing op: FileCopy(SourceName=bcdeaqcu.dll|Microsoft.Deployment.WindowsInstaller.dll,SourceCabKey=WindowsInstallerdll,DestName=Microsoft.Deployment.WindowsInstaller.dll,Attributes=512,FileSize=180224,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=3.6.3303.0,Language=0,InstallMode=58982400,,,,,,,)
MSI (s) (1C:D8) [15:52:42:277]: File: c:\Program Files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:277]: Source for file 'WindowsInstallerdll' is compressed
MSI (s) (1C:D8) [15:52:42:291]: Executing op: FileCopy(SourceName=teowi4lc.xml|Microsoft.Deployment.WindowsInstaller.xml,SourceCabKey=WindowsInstallerxml,DestName=Microsoft.Deployment.WindowsInstaller.xml,Attributes=512,FileSize=485807,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-529702913,HashPart2=120212815,HashPart3=-1778603535,HashPart4=-1307356715,,)
MSI (s) (1C:D8) [15:52:42:292]: File: c:\Program Files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml; To be installed; Won't patch; No existing file
MSI (s) (1C:D8) [15:52:42:292]: Source for file 'WindowsInstallerxml' is compressed
MSI (s) (1C:D8) [15:52:42:296]: Executing op: CacheSizeFlush(,)
MSI (s) (1C:D8) [15:52:42:296]: Executing op: ActionStart(Name=CustomActionInstall,,)
MSI (s) (1C:D8) [15:52:42:299]: Executing op: CustomActionSchedule(Action=CustomActionInstall,ActionType=3137,Source=BinaryData,Target=Install,CustomActionData=SourceGUID:2594 VMFlag: UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 FFEnabled:TRUE IEEnabled:TRUE ChromeEnabled:TRUE Options:01110010000000000000000000000000)
MSI (s) (1C:30) [15:52:42:325]: Invoking remote custom action. DLL: C:\windows\Installer\MSIE46B.tmp, Entrypoint: Install
MSI (s) (1C:60) [15:52:42:325]: Generating random cookie.
MSI (s) (1C:60) [15:52:42:329]: Created Custom Action Server with PID 19912 (0x4DC8).
MSI (s) (1C:D4) [15:52:42:384]: Running as a service.
MSI (s) (1C:A8) [15:52:42:387]: Hello, I'm your 32bit Elevated custom action server.
Install: Initialized.
Install: Custom Action Data = 'SourceGUID:2594 VMFlag: UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 FFEnabled:TRUE IEEnabled:TRUE ChromeEnabled:TRUE Options:01110010000000000000000000000000'.
Install: In GetParameters
Install: SourceGUID = 2594
Install: VMFlag =
Install: UserGUID = 96964645-B958-6104-FFBB-83B14C8F7590
Install: FFEnabled = TRUE
Install: IEEnabled = TRUE
Install: ChromeEnabled = TRUE
Install: OptionsArg Before GetParameters =
Install: OptionsArg After GetParameters= 01110010000000000000000000000000
Install: Completed GetParameters
Install: In Install, retrieved parameters.
Install: Attempting to open registry key Software
Install: Attempting to create registry key Adpeak, Inc.
Install: Attempting to create registry key ScorpionSaver
Install: Attempting to create registry key Chrome
Install: Attempting to create registry key IE
Install: Attempting to create registry key Firefox
Install: Begin Kill All Browsers
Install: Finished Kill All Browsers
Install: Firefox Timestamp...
Install: 1385941962
Install: In Install, ChromeEnabled
Install: OptionsArg = 01110010000000000000000000000000
Install: In InsertLinesIntoChromePrefs, begin
Install: In InsertLinesIntoChromePrefs, C:\Users\thanhnguyen\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Preferences
Install: In InsertLinesIntoChromePrefs, insertion failure: could not find preliminary search term for insertion in file
Install: In InsertLinesIntoChromePrefs, end
Install: In Install, ChromeEnabled, av Chrome Prefs Path =
Install: C:\Users\thanhnguyen\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Preferences
Install: In GetFolderNames, path=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\*
Install: In GetFolderNames, fileFound = true
Install: In GetFolderNames, filename is Certificate Revocation Lists, attr=8224
Install: In GetFolderNames, filename is chrome_shutdown_ms.txt, attr=8224
Install: In GetFolderNames, filename is Default, attr=8208
Install: In GetFolderNames, AllProfiles added Default
Install: In GetFolderNames, filename is DF96.tmp, attr=8224
Install: In GetFolderNames, filename is en-US-2-3.bdic, attr=8224
Install: In GetFolderNames, filename is en-US-3-0.bdic, attr=8224
Install: In GetFolderNames, filename is First Run, attr=8224
Install: In GetFolderNames, filename is Local State, attr=8224
Install: In GetFolderNames, filename is Local State~RF217a4.TMP, attr=8224
Install: In GetFolderNames, filename is PepperFlash, attr=8208
Install: In GetFolderNames, AllProfiles added PepperFlash
Install: In GetFolderNames, filename is pnacl, attr=8208
Install: In GetFolderNames, AllProfiles added pnacl
Install: In GetFolderNames, filename is Safe Browsing Bloom, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Bloom Prefix Set, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Cookies, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Cookies-journal, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Csd Whitelist, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Download, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Download Whitelist, attr=8224
Install: In GetFolderNames, filename is Safe Browsing Extension Blacklist, attr=8224
Install: In GetFolderNames, filename is Service State, attr=8224
Install: In GetFolderNames, filename is SwiftShader, attr=8208
Install: In GetFolderNames, AllProfiles added SwiftShader
Install: In GetFolderNames, filename is Temp, attr=8208
Install: In GetFolderNames, AllProfiles added Temp
Install: In GetFolderNames, filename is WidevineCDM, attr=8208
Install: In GetFolderNames, AllProfiles added WidevineCDM
Install: Completed GetFolderNames
Install: In FileExists: filename = 43330520
Install: After NOT calling DoubleEscape stemp =
Install: In FileExists, returning true
Install: In InsertLinesIntoChromePrefs, begin
Install: In InsertLinesIntoChromePrefs, C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Preferences
Install: In InsertLinesIntoChromePrefs, inserted into second condition
Install: In InsertLinesIntoChromePrefs, insertion success
Install: In InsertLinesIntoChromePrefs, end
Install: In Install, InsertLinesIntoFile called for Chrome
Install: In Install, CreateDirectory called for oclgomenfkljhfkfflghppidonpkljjg, it was created
Install: In Install, CreateDirectory called for 5.0_0
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\background.js, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\background.js
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\bootstrap.js, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\bootstrap.js.old, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon8.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon8.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon16.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon16.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon32.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon32.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon48.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon48.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon64.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon64.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\icon128.png, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon128.png
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\manifest.json, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json
Install: CopyFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\marcopolo.js, dest file=C:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\marcopolo.js
Install: In Install, files copied for Chrome
Install: In FileExists: filename = 43373592
Install: After NOT calling DoubleEscape stemp =
Install: In FileExists, returning false
Install: Calling SetRegistryKey("Software\Adpeak, Inc.\ScorpionSaver\Chrome", "INSTALLCHROMESTATUS", "TRUE")
Install: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\Chrome
Install: Attempting to set registry value TRUE
Install: Set registry value Software\Adpeak, Inc.\ScorpionSaver\Chrome\INSTALLCHROMESTATUS = TRUE
Install: In Install, IEEnabled
Install: In Install, BHO_Path = C:\Program Files (x86)\ScorpionSaver\IECore.dll
Install: In Install IEEnabled, from LoadLibraryEx hLib = 1912340480
Install: In Install IEEnabled, DllRegisterServer completed successfully.
Install: Calling SetRegistryKey("Software\Adpeak, Inc.\ScorpionSaver\IE", "INSTALLIESTATUS", "TRUE")
Install: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\IE
Install: Attempting to set registry value TRUE
Install: Set registry value Software\Adpeak, Inc.\ScorpionSaver\IE\INSTALLIESTATUS = TRUE
Install: In Install, FFEnabled
Install: In GetFolderNames, path=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\*
Install: In GetFolderNames, fileFound = true
Install: In GetFolderNames, filename is oovskqja.default, attr=8208
Install: In GetFolderNames, AllProfiles added oovskqja.default
Install: Completed GetFolderNames
Install: In FFPrefs, begin
Install: user_pref("extensions.autoDisableScopes", 0);
Install: In FFPrefs, finished
Install: In Install, FFEnabled
Install: In Install, directories created for FF
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_addon_runner.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\addon\runner.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_content_content-proxy.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-proxy.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_content_content-worker.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-worker.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_content_loader.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\loader.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_content_symbiont.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\symbiont.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_content_worker.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\worker.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_dom_events.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\dom\events.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_event_core.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\core.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_event_target.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\target.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_events_assembler.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events\assembler.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_l10n_core.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\core.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_l10n_html.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\html.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_l10n_loader.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\loader.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_l10n_locale.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\locale.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_l10n_prefs.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\prefs.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_privatebrowsing_utils.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing\utils.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_system_events.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system\events.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_tabs_events.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\events.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_tabs_observer.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\observer.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_tabs_tab.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\tab.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_tabs_utils.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\utils.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_traits_core.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits\core.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_utils_data.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\data.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_utils_object.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\object.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_utils_registry.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\registry.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_utils_thumbnail.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\thumbnail.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_window_utils.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window\utils.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_windows_dom.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\dom.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_windows_loader.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\loader.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_windows_observer.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\observer.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_windows_tabs.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\tabs.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_addonkit_page-mod.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\page-mod.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_addonkit_private-browsing.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\private-browsing.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_addonkit_request.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\request.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_addonkit_windows.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\windows.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_harness-options.json, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\harness-options.json
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_icon.png, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\icon.png
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_install.rdf, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\install.rdf
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_locales.json, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\locales.json
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_prefs.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\defaults\preferences\prefs.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_icon.png, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\data\icon.png
Install: The system cannot find the file specified.

Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_icon64.png, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\data\icon64.png
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_main.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\lib\main.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_main.js.old, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver\lib\main.js.old
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\bootstrap.js
Install: CopyCustomFileToDest, source file=C:\Program Files (x86)\ScorpionSaver\ff_icon64.png, dest file=C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack\icon64.png
Install: The system cannot find the file specified.

Install: In Install, files copied for FF
Install: In InsertInDatabase, C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions.sqlite

Install: statementInsert=INSERT INTO main.addon VALUES (null,'ScorpionSaver@jetpack','eg-b8ykoArqg','app-profile','5.0','extension',null,'https://updates.ScorpionSaver.com/firefox,null,null,null,null,null,null,31,1,1,0,0,0,C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack,1323463190000,1323463190000,1,1,0,442522,null,null,0,1,0,0')
Install: In InsertInDatabase, initialized sqlite3 library

Install: In InsertInDatabase, opened sqlite3 library

Install: In InsertInDatabase, prepared sqlite3 insert, statementInsert=INSERT INTO main.addon VALUES (null,'ScorpionSaver@jetpack','eg-b8ykoArqg','app-profile','5.0','extension',null,'https://updates.ScorpionSaver.com/firefox,null,null,null,null,null,null,31,1,1,0,0,0,C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions\ScorpionSaver@jetpack,1323463190000,1323463190000,1,1,0,442522,null,null,0,1,0,0')

Install: Failed to step: 101, unknown error

Install: Value from sqlite: (null)
Install: Completed InsertInDatabase

Install: In Install, sql inserted for FF
Install: Calling SetRegistryKey("Software\Adpeak, Inc.\ScorpionSaver\Firefox", "INSTALLFFSTATUS", "TRUE")
Install: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\Firefox
Install: Attempting to set registry value TRUE
Install: Set registry value Software\Adpeak, Inc.\ScorpionSaver\Firefox\INSTALLFFSTATUS = TRUE
MSI (s) (1C:D8) [15:52:43:327]: Executing op: ActionStart(Name=SendJson,,)
Install: Installation Successful
MSI (s) (1C:D8) [15:52:43:327]: Executing op: CustomActionSchedule(Action=SendJson,ActionType=3137,Source=BinaryData,Target=PostJson,CustomActionData=UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 SourceGUID:2594 AdminPrivileges:1)
MSI (s) (1C:F0) [15:52:43:350]: Invoking remote custom action. DLL: C:\windows\Installer\MSIE872.tmp, Entrypoint: PostJson
PostJson: Initialized.
PostJson: Custom Action Data = 'UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 SourceGUID:2594 AdminPrivileges:1'.
PostJson: In PostJson, calling DoPostJson.
PostJson: In DoPostJson.
PostJson: In GetParameters
PostJson: Error 0x80070006: failed to set property: GUID
PostJson: UserGUID = 96964645-B958-6104-FFBB-83B14C8F7590
PostJson: SourceGUID = 2594
PostJson: AdminPrivileges = 1
PostJson: WinHttpClient URL = 'http://d2twxu3h2zf5u7.cloudfront.net/product/tb.html?g=96964645-B958-6104-FFBB-83B14C8F7590&s=2594&a=765'.
PostJson: In DoPostJson, root converted to data:
PostJson: In DoPostJson, wrote data to client.
PostJson: In DoPostJson, set headers.
PostJson: In DoPostJson, sent post request.
PostJson: In DoPostJson, SendHttpRequest success
PostJson: In DoPostJson, httpResponseHeader begin
PostJson: HTTP/1.1 200 OK
Cache-Control: public,max-age=300
Connection: keep-alive
Date: Tue, 05 Nov 2013 17:15:43 GMT
Via: 1.1 0bc2e7b1fd45930e7f193900ba6ab065.cloudfront.net (CloudFront)
Content-Length: 3
Content-Type: text/html
Last-Modified: Mon, 14 Oct 2013 19:11:55 GMT
Accept-Ranges: bytes
Age: 245
ETag: "05bf95dc7c9dba2c674516014c3fc0f5"
Server: AmazonS3
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: OZjR2ZpMuipL0ISdmAW7K_XArtWrT6UlAUYqe1dzoa1U3ZZpPSeG8g==


PostJson: In DoPostJson, httpResponseHeader end
PostJson: In DoPostJson, httpResponseContent begin
PostJson: tb

PostJson: In DoPostJson, httpResponseContent end
PostJson: In DoPostJson, creating ClientInfo.
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In DoPostJson, set b64BitArchitecture.
PostJson: In DoPostJson, set TimeStamp.
PostJson: In DoPostJson, set VersionString.
PostJson: In DoPostJson, set UserName.
PostJson: In DoPostJson, set PrimaryScreenResolution.
PostJson: In DoPostJson, called InstallTimezone.
PostJson: In DoPostJson, set UserGUID.
PostJson: In DoPostJson, set AppGUID.
PostJson: In DoPostJson, set ClientGUID.
PostJson: In DoPostJson, set SourceGUID.
PostJson: In DoPostJson, set HardwareGUID.
PostJson: In DoPostJson, set ReinstallFlag.
PostJson: In GetOEMId.
PostJson: In GetOEMId, called GetSystemInfo.
PostJson: In GetOEMId, oem = 0
PostJson: In DoPostJson, set OEMId.
PostJson: In GetThenDeleteRegistryKey, subkey=Software\Adpeak, Inc.\ScorpionSaver\Firefox valuename=INSTALLFFSTATUS
PostJson: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\Firefox
PostJson: Querying value
PostJson: Read registry value Software\Adpeak, Inc.\ScorpionSaver\Firefox\INSTALLFFSTATUS = TRUE, valuelen=10
PostJson: deleted registry key
PostJson: In DoPostJson, INSTALLFFSTATUS = TRUE
PostJson: In DoPostJson, set InstallFFStatus.
PostJson: In GetThenDeleteRegistryKey, subkey=Software\Adpeak, Inc.\ScorpionSaver\IE valuename=INSTALLIESTATUS
PostJson: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\IE
PostJson: Querying value
PostJson: Read registry value Software\Adpeak, Inc.\ScorpionSaver\IE\INSTALLIESTATUS = TRUE, valuelen=10
PostJson: deleted registry key
PostJson: In DoPostJson, INSTALLIESTATUS = TRUE
PostJson: In DoPostJson, set InstallIEStatus.
PostJson: In GetThenDeleteRegistryKey, subkey=Software\Adpeak, Inc.\ScorpionSaver\Chrome valuename=INSTALLCHROMESTATUS
PostJson: Attempting to open key Software\Adpeak, Inc.\ScorpionSaver\Chrome
PostJson: Querying value
PostJson: Read registry value Software\Adpeak, Inc.\ScorpionSaver\Chrome\INSTALLCHROMESTATUS = TRUE, valuelen=10
PostJson: deleted registry key
PostJson: In DoPostJson, INSTALLCHROMESTATUS = TRUE
PostJson: In DoPostJson, set InstallChromeStatusStr.
PostJson: In GetThenDeleteRegistryKey, subkey=Software\Adpeak, Inc.\Adpeak Services valuename=INSTALLKOMODIASTATUS
PostJson: Attempting to open key Software\Adpeak, Inc.\Adpeak Services
PostJson: RegOpenKeyEx failed with error 2: The system cannot find the file specified.

PostJson: In DoPostJson, INSTALLKOMODIASTATUS = FALSE
PostJson: In DoPostJson, set InstallKomodiaStatus, calling AddBrowserInfo.
PostJson: In GetRegisteredBrowsers.
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetRegisteredBrowsers, opened registry key.
PostJson: In GetRegisteredBrowsers, queried registry key.
PostJson: In GetRegisteredBrowsers, enumerated registry subkeys.
PostJson: In GetRegisteredBrowsers, filename = FIREFOX.EXE.
PostJson: In GetRegisteredBrowsers, filename = FIREFOX.EXE.
PostJson: In GetFirefoxPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetFirefoxPath, Is 64BitOS
PostJson: In GetFirefoxPath, opened registry key
PostJson: In GetFirefoxPath, called RegQueryValueEx
PostJson: In GetFirefoxPath, exeName = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In GetFirefoxPath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In GetFirefoxPath, calling StripExtraApostrophes
PostJson: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: In GetFirefoxPath, stripped extra apostrophes, FirefoxPath = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: In GetRegisteredBrowsers, firefox path found.
PostJson: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: In FileExists: filename = 45222256
PostJson: In DoubleEscape, string length = 50
PostJson: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
PostJson: In FileExists, returning true
PostJson: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: Error 0x80070006: failed to set property: FFENABLED
PostJson: In GetRegisteredBrowsers, firefox file found.
PostJson: In GetRegisteredBrowsers, file exists.
PostJson: In GetRegisteredBrowsers, enumerated registry subkeys.
PostJson: In GetRegisteredBrowsers, filename = Google Chrome.
PostJson: In GetRegisteredBrowsers, filename = Google Chrome.
PostJson: In GetChromePath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetChromePath, Is 64BitOS
PostJson: In GetChromePath, opened registry key
PostJson: In GetChromePath, called RegQueryValueEx
PostJson: In GetChromePath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
PostJson: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: In GetChromePath, stripped extra chars, ChromePath = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: In GetRegisteredBrowsers, Chrome path found.
PostJson: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: In FileExists: filename = 45222328
PostJson: In DoubleEscape, string length = 59
PostJson: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
PostJson: In FileExists, returning true
PostJson: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: Error 0x80070006: failed to set property: CHROMEENABLED
PostJson: In GetRegisteredBrowsers, chrome file found.
PostJson: In GetRegisteredBrowsers, file exists.
PostJson: In GetRegisteredBrowsers, enumerated registry subkeys.
PostJson: In GetRegisteredBrowsers, filename = IEXPLORE.EXE.
PostJson: In GetRegisteredBrowsers, filename = IEXPLORE.EXE.
PostJson: In GetIEPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetIEPath, Is 64BitOS
PostJson: In GetIEPath, opened registry key
PostJson: In GetIEPath, called RegQueryValueEx
PostJson: In GetIEPath, called ConvertCharOrByteArrayToString, retString = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In GetIEPath, stripped extra chars, IEPath = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In GetRegisteredBrowsers, Internet Explorer path found.
PostJson: C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In FileExists: filename = 45222920
PostJson: In DoubleEscape, string length = 53
PostJson: After calling DoubleEscape stemp = C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
PostJson: In FileExists, returning true
PostJson: In GetRegisteredBrowsers, returned true from FileExists for C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: Error 0x80070006: failed to set property: IEENABLED
PostJson: In GetRegisteredBrowsers, IE file found.
PostJson: In GetRegisteredBrowsers, file exists.
PostJson: In GetRegisteredBrowsers, retrieved browser paths and checked for existence.
PostJson: Completed GetRegisteredBrowsers.
PostJson: In AddBrowserInfo, Called GetRegisteredBrowsers
PostJson: In GetFirefoxPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetFirefoxPath, Is 64BitOS
PostJson: In GetFirefoxPath, opened registry key
PostJson: In GetFirefoxPath, called RegQueryValueEx
PostJson: In GetFirefoxPath, exeName = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In GetFirefoxPath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In GetFirefoxPath, calling StripExtraApostrophes
PostJson: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: In GetFirefoxPath, stripped extra apostrophes, FirefoxPath = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PostJson: In AddBrowserInfo, set FireFoxPath
PostJson: In GetFirefoxVersion
PostJson: In GetFirefoxPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetFirefoxPath, Is 64BitOS
PostJson: In GetFirefoxPath, opened registry key
PostJson: In GetFirefoxPath, error=More data is available.

PostJson: In GetFirefoxPath, called RegQueryValueEx
PostJson: In GetFirefoxPath, exeName =
PostJson: In GetFirefoxPath, called ConvertCharOrByteArrayToString, retString =
PostJson: In GetFirefoxPath, calling StripExtraApostrophes
PostJson: In StripExtraApostrophes, filename =
PostJson: In StripExtraApostrophes, filename =
PostJson: In GetFirefoxPath, stripped extra apostrophes, FirefoxPath =
PostJson: In GetFirefoxVersion, retrieved FirefoxPath
PostJson: In GetFirefoxVersion, fileVersion =
PostJson: In GetFileVersion, szVersionFile =
PostJson: In AddBrowserInfo, set FireFoxVersion
PostJson: In GetChromePath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetChromePath, Is 64BitOS
PostJson: In GetChromePath, opened registry key
PostJson: In GetChromePath, called RegQueryValueEx
PostJson: In GetChromePath, called ConvertCharOrByteArrayToString, retString = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
PostJson: In StripExtraApostrophes, filename = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: In GetChromePath, stripped extra chars, ChromePath = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PostJson: In AddBrowserInfo, set ChromePath
PostJson: In GetChromeVersion
PostJson: In GetChromePath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetChromePath, Is 64BitOS
PostJson: In GetChromePath, opened registry key
PostJson: In GetChromePath, error=More data is available.

PostJson: In GetChromePath, called RegQueryValueEx
PostJson: In GetChromePath, called ConvertCharOrByteArrayToString, retString = (null)
PostJson: In StripExtraApostrophes, filename =
PostJson: In StripExtraApostrophes, filename =
PostJson: In GetChromePath, stripped extra chars, ChromePath =
PostJson: In GetChromeVersion, retrieved ChromePath = ÿj‹Îèfôÿÿ…À„{Ê
PostJson: In GetChromeVersion, fileVersion =
PostJson: In GetFileVersion, szVersionFile =
PostJson: In AddBrowserInfo, set ChromeVersion
PostJson: In GetIEPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetIEPath, Is 64BitOS
PostJson: In GetIEPath, opened registry key
PostJson: In GetIEPath, called RegQueryValueEx
PostJson: In GetIEPath, called ConvertCharOrByteArrayToString, retString = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In StripExtraApostrophes, filename = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In GetIEPath, stripped extra chars, IEPath = C:\Program Files (x86)\Internet Explorer\iexplore.exe
PostJson: In AddBrowserInfo, set IEPath
PostJson: In GetIEVersion
PostJson: In GetIEPath
PostJson: In Is64BitOS, getting ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, retrieved ProcAddress for IsWow64Process.
PostJson: In Is64BitOS, bIs64Bit = 1.
PostJson: In GetIEPath, Is 64BitOS
PostJson: In GetIEPath, opened registry key
PostJson: In GetIEPath, error=More data is available.

PostJson: In GetIEPath, called RegQueryValueEx
PostJson: In GetIEPath, called ConvertCharOrByteArrayToString, retString = (null)
PostJson: In StripExtraApostrophes, filename =
PostJson: In StripExtraApostrophes, filename =
PostJson: In GetIEPath, stripped extra chars, IEPath =
PostJson: In GetIEVersion, retrieved IEPath = ÿj‹Îèfôÿÿ…À„{Ê
PostJson: In GetIEVersion, fileVersion =
PostJson: In GetFileVersion, szVersionFile =
PostJson: In AddBrowserInfo, set IEVersion
PostJson: Completed AddBrowserInfo
PostJson: In DoPostJson, called AddBrowserInfo.
PostJson: Connected to
PostJson: In DoPostJson, called EnumAntivirus.
PostJson: In DoPostJson, admin = 1
MSI (s) (1C:D8) [15:52:43:845]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3])
PostJson: In DoPostJson, ClientInfo converted to root.
MSI (s) (1C:D8) [15:52:43:845]: Executing op: ProgressTotal(Total=61,Type=1,ByteEquivalent=13200)
MSI (s) (1C:D8) [15:52:43:846]: Executing op: RegOpenKey(,Key=Software\Wow6432Node\CLSID\2594,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:846]: Executing op: RegAddValue(,Value=ScorpionSaver,)
MSI (s) (1C:D8) [15:52:43:905]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:950]: Executing op: RegOpenKey(,Key=Software\Wow6432Node\CLSID\2594\InProcServer32,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:950]: Executing op: RegAddValue(,Value=C:\Program Files(x86)\ScorpionSaver\IECore.dll,)
MSI (s) (1C:D8) [15:52:43:953]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)
MSI (s) (1C:D8) [15:52:43:970]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:970]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Adpeak, Inc.\ScorpionSaver\Chrome,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:971]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:971]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:972]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:972]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:973]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:973]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:974]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:974]: Executing op: RegAddValue(,Value=Chrome,)
MSI (s) (1C:D8) [15:52:43:975]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:975]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:976]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:977]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:977]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:978]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:978]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:979]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:979]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:979]: Executing op: RegAddValue(Name=2594,Value=1,)
MSI (s) (1C:D8) [15:52:43:980]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:981]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:981]: Executing op: RegAddValue(Name=2594,Value=1,)
MSI (s) (1C:D8) [15:52:43:982]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:983]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\AppDataLow\Software\ScorpionSaver,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:983]: Executing op: RegAddValue(Name=file,Value=IECore.dll,)
MSI (s) (1C:D8) [15:52:43:984]: Executing op: RegAddValue(Name=guid,Value=96964645-B958-6104-FFBB-83B14C8F7590,)
MSI (s) (1C:D8) [15:52:43:985]: Executing op: RegAddValue(Name=license,Value=96964645-B958-6104-FFBB-83B14C8F7590,)
MSI (s) (1C:D8) [15:52:43:986]: Executing op: RegAddValue(Name=key,Value=2594,)
MSI (s) (1C:D8) [15:52:43:987]: Executing op: RegAddValue(Name=time,Value=0,)
MSI (s) (1C:D8) [15:52:43:987]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:988]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:988]: Executing op: RegAddValue(Name=1609,Value=0,)
MSI (s) (1C:D8) [15:52:43:991]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:997]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Microsoft\Windows\CurrentVersion\Policies\Ext,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:997]: Executing op: RegAddValue(Name=DisableAddonLoadTimePerformanceNotifications,Value=1,)
MSI (s) (1C:D8) [15:52:43:998]: Executing op: RegAddValue(Name=IgnoreFrameApprovalCheck,Value=1,)
MSI (s) (1C:D8) [15:52:43:998]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:43:999]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:43:999]: Executing op: RegAddValue(Name=DisableAddonLoadTimePerformanceNotifications,Value=1,)
MSI (s) (1C:D8) [15:52:44:000]: Executing op: RegAddValue(Name=IgnoreFrameApprovalCheck,Value=1,)
MSI (s) (1C:D8) [15:52:44:001]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:44:002]: Executing op: RegOpenKey(Root=-2147483647,Key=Software\ScorpionSaver,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:44:002]: Executing op: RegAddValue(Name=license,Value={512F2331-10CF-40F3-A303-2EE63EC9C5B0},)
MSI (s) (1C:D8) [15:52:44:003]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:44:003]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects,,BinaryType=0,,)
MSI (s) (1C:D8) [15:52:44:003]: Executing op: RegAddValue(Name=2594,Value=1,)
MSI (s) (1C:D8) [15:52:44:004]: Executing op: RegCreateKey()
MSI (s) (1C:D8) [15:52:44:005]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])
MSI (s) (1C:D8) [15:52:44:005]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=cab1.cab,BytesPerTick=0,CopierType=2,ModuleFileName=c:\windows\Installer\35ecf12.msi,,,,,IsFirstPhysicalMedia=1)
MSI (s) (1C:D8) [15:52:44:005]: Executing op: DatabaseCopy(DatabasePath=c:\windows\Installer\35ecf12.msi,ProductCode={9B65F9A3-9D24-452A-B6EF-1457D65E4259},,,)
MSI (s) (1C:D8) [15:52:44:005]: Note: 1: 1402 2: UNKNOWN\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties 3: 2
MSI (s) (1C:D8) [15:52:44:008]: File will have security applied from OpCode.
MSI (s) (1C:D8) [15:52:44:060]: Executing op: ProductRegister(UpgradeCode={CB6054F5-7136-4F2E-8EC4-ACC0EE2F06E9},VersionString=1.0.0.0,HelpLink=http://www.adpeak.com/,,,InstallSource=c:\temp\,Publisher=Adpeak, Inc.,,,,NoModify=1,NoRepair=1,,,,,,,EstimatedSize=3164,,,,)
MSI (s) (1C:D8) [15:52:44:086]: Executing op: ProductCPDisplayInfoRegister()
MSI (s) (1C:D8) [15:52:44:091]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])
MSI (s) (1C:D8) [15:52:44:092]: Executing op: FeaturePublish(Feature=ProductFeature,,Absent=2,Component=$0nZ&3AEp?I}-!aN$=%LGN[QRFL]_9v1,&XH(U8%f}&3C9l65A%pUkOQsJHf{!DaEvv2T=&~.I$nHq%bV5i}wXWJD9?APpn[$!TOoO-_?c9~j8NjH(7LdZLC}(T@5!n%h8~^c&p6-L$e(Xi~,-8Q?=pvafdds),YE(etIcw899gWgA-o-*D[0-vieBN6+9i'I3Sq8Z0MoS?a2*la6Ab^,&pa!~w!4Pm,llFq.?KCQ^N%MSa4@+VP8rRkK?@yEd8X!C8]p_uS?LpLh8?YDoKwnxvB)
MSI (s) (1C:D8) [15:52:44:095]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)
MSI (s) (1C:D8) [15:52:44:095]: Executing op: IconCreate(Icon=icon64.ico,Data=BinaryData)
MSI (s) (1C:D8) [15:52:44:098]: Executing op: CleanupConfigData()
MSI (s) (1C:D8) [15:52:44:098]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\Patches 3: 2
MSI (s) (1C:D8) [15:52:44:098]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)
MSI (s) (1C:D8) [15:52:44:098]: Note: 1: 1402 2: UNKNOWN\Products\3A9F56B942D9A2546BFE41756DE52495\Patches 3: 2
MSI (s) (1C:D8) [15:52:44:099]: Executing op: ProductPublish(PackageKey={A5122D60-0F73-4E51-B932-09546C8362F3})
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:100]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:101]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 3: 2
MSI (s) (1C:D8) [15:52:44:118]: Executing op: UpgradeCodePublish(UpgradeCode={CB6054F5-7136-4F2E-8EC4-ACC0EE2F06E9})
MSI (s) (1C:D8) [15:52:44:119]: Executing op: SourceListPublish(,,,,NumberOfDisks=1)
MSI (s) (1C:D8) [15:52:44:119]: Note: 1: 1402 2: UNKNOWN\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList 3: 2
MSI (s) (1C:D8) [15:52:44:121]: Executing op: ProductPublishClient(,,)
MSI (s) (1C:D8) [15:52:44:122]: Executing op: SourceListRegisterLastUsed(SourceProduct={9B65F9A3-9D24-452A-B6EF-1457D65E4259},LastUsedSource=c:\\temp\\)
MSI (s) (1C:D8) [15:52:44:122]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (1C:D8) [15:52:44:123]: Specifed source is not already in a list.
MSI (s) (1C:D8) [15:52:44:123]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (1C:D8) [15:52:44:123]: Adding new sources is allowed.
MSI (s) (1C:D8) [15:52:44:123]: Added new source 'c:\\temp\\' with index '2'
MSI (s) (1C:D8) [15:52:44:123]: Set LastUsedSource to: c:\temp\.
MSI (s) (1C:D8) [15:52:44:123]: Set LastUsedType to: n.
MSI (s) (1C:D8) [15:52:44:123]: Set LastUsedIndex to: 2.
MSI (s) (1C:D8) [15:52:44:133]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=7397959)
MSI (s) (1C:D8) [15:52:44:138]: User policy value 'DisableRollback' is 0
MSI (s) (1C:D8) [15:52:44:138]: Machine policy value 'DisableRollback' is 0
MSI (s) (1C:D8) [15:52:44:171]: Note: 1: 2318 2:
MSI (s) (1C:D8) [15:52:44:172]: No System Restore sequence number for this installation.
MSI (s) (1C:D8) [15:52:44:172]: Unlocking Server
MSI (s) (1C:D8) [15:52:44:296]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 15:52:44: InstallFinalize. Return value 1.
Action ended 15:52:44: INSTALL. Return value 1.
Property(S): UpgradeCode = {CB6054F5-7136-4F2E-8EC4-ACC0EE2F06E9}
Property(S): MYLOCALAPPDATA = c:\Users\thanhnguyen\AppData\Local\
Property(S): INSTALLLOCATION = c:\Program Files (x86)\ScorpionSaver\
Property(S): SendJson = UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 SourceGUID:2594 AdminPrivileges:1
Property(S): CustomActionInstall = SourceGUID:2594 VMFlag: UserGUID:96964645-B958-6104-FFBB-83B14C8F7590 FFEnabled:TRUE IEEnabled:TRUE ChromeEnabled:TRUE Options:01110010000000000000000000000000
Property(S): Google = c:\Users\thanhnguyen\AppData\Local\Google\
Property(S): Chrome = c:\Users\thanhnguyen\AppData\Local\Google\Chrome\
Property(S): User_Data = c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\
Property(S): Default = c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\
Property(S): Extensions = c:\Users\thanhnguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\
Property(S): ChromeIdPath = c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\
Property(S): ChromeVersionPath = c:\Users\thanhnguyen\AppData\Local\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
Property(S): ProgramFilesFolder = c:\Program Files (x86)\
Property(S): TARGETDIR = c:\
Property(S): SourceDir = c:\\temp\\
Property(S): ALLUSERS = 1
Property(S): ARPPRODUCTICON = icon64.ico
Property(S): ARPNOREPAIR = yes
Property(S): ARPNOMODIFY = yes
Property(S): ARPHELPLINK = http://www.adpeak.com/
Property(S): SOURCEGUID = 2594
Property(S): USERGUID = 96964645-B958-6104-FFBB-83B14C8F7590
Property(S): OPTIONS = 01110010000000000000000000000000
Property(S): Manufacturer = Adpeak, Inc.
Property(S): ProductCode = {9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Property(S): ProductLanguage = 1033
Property(S): ProductName = ScorpionSaver
Property(S): ProductVersion = 1.0.0.0
Property(S): IE_GUID = 10AD2C61-0898-4348-8600-14A342F22AC3
Property(S): CHROME_ID = oclgomenfkljhfkfflghppidonpkljjg
Property(S): CHROME_VERSION = 5.0_0
Property(S): SecureCustomProperties = ARPNOMODIFY;ARPNOREPAIR;CHROMEENABLED;DEBUG;FFENABLED;IEENABLED;LOGFILE;OPTIONS;SILENT;SOURCEGUID;USERGUID;VMFLAG;WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiLogFileLocation = c:\\temp\\foo.txt
Property(S): PackageCode = {A5122D60-0F73-4E51-B932-09546C8362F3}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): RestrictedUserControl = 1
Property(S): CURRENTDIRECTORY = C:\windows\system32
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 38756
Property(S): MsiSystemRebootPending = 1
Property(S): VersionDatabase = 300
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 601
Property(S): VersionNT64 = 601
Property(S): WindowsBuild = 7600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): MsiNTSuitePersonal = 1
Property(S): WindowsFolder = c:\windows\
Property(S): WindowsVolume = c:\
Property(S): System64Folder = C:\windows\system32\
Property(S): SystemFolder = c:\windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\THANHN~1\AppData\Local\Temp\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\thanhnguyen\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\thanhnguyen\Favorites\
Property(S): NetHoodFolder = C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\thanhnguyen\Documents\
Property(S): PrintHoodFolder = C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\thanhnguyen\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\thanhnguyen\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\thanhnguyen\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 2013
Property(S): VirtualMemory = 2072
Property(S): LogonUser = thanhnguyen
Property(S): UserSID = S-1-5-21-2038435613-138853392-2710362757-1000
Property(S): UserLanguageID = 1033
Property(S): ComputerName = EMACHINES
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 22
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 15:52:44
Property(S): Date = 12/1/2013
Property(S): MsiNetAssemblySupport = 2.0.50727.4927
Property(S): MsiWin32AssemblySupport = 6.1.7600.16385
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = thanhnguyen
Property(S): DATABASE = c:\windows\Installer\35ecf12.msi
Property(S): OriginalDatabase = c:\\temp\\ScorpionSaver.msi
Property(S): UILevel = 2
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = c:\
Property(S): CostingComplete = 1
Property(S): INSTALLLEVEL = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = c:\\temp\\
Property(S): SourcedirProduct = {9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Property(S): FFENABLED = TRUE
Property(S): CHROMEENABLED = TRUE
Property(S): IEENABLED = TRUE
Property(S): ProductToBeRegistered = 1
MSI (s) (1C:D8) [15:52:44:336]: Note: 1: 1707
MSI (s) (1C:D8) [15:52:44:336]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:44:336]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1707
MSI (s) (1C:D8) [15:52:44:336]: Note: 1: 2205 2: 3: Error
MSI (s) (1C:D8) [15:52:44:336]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (1C:D8) [15:52:44:336]: Product: ScorpionSaver -- Installation completed successfully.

MSI (s) (1C:D8) [15:52:44:337]: Windows Installer installed the product. Product Name: ScorpionSaver. Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: Adpeak, Inc.. Installation success or error status: 0.

MSI (s) (1C:D8) [15:52:44:339]: Deferring clean up of packages/files, if any exist
MSI (s) (1C:D8) [15:52:44:339]: MainEngineThread is returning 0
MSI (s) (1C:E8) [15:52:44:343]: RESTART MANAGER: Session closed.
MSI (s) (1C:E8) [15:52:44:343]: No System Restore sequence number for this installation.
=== Logging stopped: 12/1/2013 15:52:44 ===
MSI (s) (1C:E8) [15:52:44:346]: User policy value 'DisableRollback' is 0
MSI (s) (1C:E8) [15:52:44:346]: Machine policy value 'DisableRollback' is 0
MSI (s) (1C:E8) [15:52:44:346]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (1C:E8) [15:52:44:346]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (1C:E8) [15:52:44:347]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (1C:E8) [15:52:44:348]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (1C:E8) [15:52:44:348]: Restoring environment variables
MSI (s) (1C:E8) [15:52:44:414]: Destroying RemoteAPI object.
MSI (s) (1C:60) [15:52:44:414]: Custom Action Manager thread ending.
MSI © (64:68) [15:52:44:420]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI © (64:68) [15:52:44:447]: MainEngineThread is returning 0
=== Verbose logging stopped: 12/1/2013 15:52:44 ===
  • 0

#9
odog
Posted 27 December 2013 - 12:25 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry about adding the last "foo.txt", i probably should have added it into another reply, did not realize quite how long this file was, but it included ScorpionSaver references regarding network installation and words like cloaking, I guess that is why i sent it. Hope your holidays were great for ya !
  • 0

#10
odog
Posted 27 December 2013 - 12:38 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
On startup, the computer displays a RunDLL error box that states "There was a problem starting C:\Users\thanhnguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll The specified module could not be found" Click and it goes away and everything seems to run ok, going to check IE downloads, seems to work ok, in explorer it would seem like the downloads would start and then freeze up at 3% downloaded, stay that way forever, butt it seems to be running fine now.
  • 0

Advertisements

#11
godawgs
Posted 27 December 2013 - 05:08 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. My holiday was great. The AdwCleaner log you posted was just a diagnostic scan. These fixes should make a difference in the computer's behavior.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the 64 bits (x64): download button and save the RogueKillerX64.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The RKReport.txt log
4. The FSS.txt log
  • 0

#12
odog
Posted 31 December 2013 - 08:58 AM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Happy New Year godawgs ... here come the logs !

1. The AdwCleaner[S0].txt log

# AdwCleaner v3.016 - Report created 30/12/2013 at 07:45:56
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : thanhnguyen - EMACHINES
# Running from : C:\OLIVER\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\thanhnguyen\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\thanhnguyen\AppData\Local\Wajam
Folder Deleted : C:\Users\thanhnguyen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\thanhnguyen\AppData\LocalLow\VisualBee_V.12
Folder Deleted : C:\Users\thanhnguyen\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\thanhnguyen\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\thanhnguyen\Documents\DealRunner
Folder Deleted : C:\Users\thanhnguyen\Documents\ShopToWin
Folder Deleted : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\Smartbar
Folder Deleted : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\ValueApps
File Deleted : C:\END
File Deleted : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\user.js
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53C4024F-5A2E-4F2A-B33E-E8784D730938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C22E4D13-E98A-488B-A9D8-B51C15A35A23}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B5B2257-F05D-4B30-BE4A-296308E9346A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D190684-5C47-4FDE-82E3-128B1D2AC9D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.12
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\firstsearch
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\VisualBee_V.12
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\prefs.js ]

Line Deleted : user_pref("CT3287811.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3287811.FF19Solved", "true");
Line Deleted : user_pref("CT3287811.FirstTime", "true");
Line Deleted : user_pref("CT3287811.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3287811.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287811.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3287811.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3287811.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3287811.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3287811.SF_USER_ID", "%E9%EF%EA%E5%BB%B7%B8%B8%B6%B7%B9%B7%BD%B9%BC%BB%BF%BC%BC%BC%BB%BF%BE%BA");
Line Deleted : user_pref("CT3287811.SF_USER_ID.enc", "Y2lkXzUxMjIwMTMxNzM2NTk2NjY1OTg0");
Line Deleted : user_pref("CT3287811.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Deleted : user_pref("CT3287811.UserID", "UN51523499927838298");
Line Deleted : user_pref("CT3287811._key_cl_active", "%BE%EB%EB%BC%B6%B8%BA%E9%B3%EC%BB%B7%BB%B3%BA%BD%BA%E9%B3%E8%E7%BD%EA%B3%E9%BE%B9%BE%B9%BE%B6%E8%B7%B6%BD%E7");
Line Deleted : user_pref("CT3287811._key_cl_active.enc", "OGVlNjAyNGMtZjUxNS00NzRjLWJhN2QtYzgzODM4MGIxMDdh");
Line Deleted : user_pref("CT3287811.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3287811.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3287811.cbfirsttime", "%DA%EE%FB%A6%CA%EB%E9%A6%B6%BB%A6%B8%B6%B7%B9%A6%B7%BD%C0%B9%BD%C0%B6%B6%A6%CD%D3%DA%B3%B6%BE%B6%B6%A6%AE%D6%E7%E9%EF%EC%EF%E9%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3287811.cbfirsttime.enc", "VGh1IERlYyAwNSAyMDEzIDE3OjM3OjAwIEdNVC0wODAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3287811.countryCode", "US");
Line Deleted : user_pref("CT3287811.defaultSearch", "true");
Line Deleted : user_pref("CT3287811.enableAlerts", "true");
Line Deleted : user_pref("CT3287811.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287811.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287811.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287811.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287811.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3287811.fullUserID", "UN51523499927838298.IN.20131205135701");
Line Deleted : user_pref("CT3287811.installDate", "05/12/2013 13:57:14");
Line Deleted : user_pref("CT3287811.installSessionId", "{D08CBB23-08F5-45CD-B9F9-81163C2BC800}");
Line Deleted : user_pref("CT3287811.installSp", "TRUE");
Line Deleted : user_pref("CT3287811.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287811.installUsage", "2013-12-06T04:36:06.3354298+03:00");
Line Deleted : user_pref("CT3287811.installUsageEarly", "2013-12-06T04:36:00.220465+03:00");
Line Deleted : user_pref("CT3287811.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287811.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287811.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287811.keyword", "true");
Line Deleted : user_pref("CT3287811.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3287811.mam_gk_appStateReportTime", "%B7%B9%BE%BC%BB%BA%BC%BB%B8%BE%B6%BD%BF");
Line Deleted : user_pref("CT3287811.mam_gk_appStateReportTime.enc", "MTM4NjU0NjUyODA3OQ==");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Discover", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_JobsMiner", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_JobsMiner.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3287811.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3287811.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line Deleted : user_pref("CT3287811.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3287811.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3287811.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BB%B4%B7");
Line Deleted : user_pref("CT3287811.mam_gk_currentVersion.enc", "MS4xMS41LjE=");
Line Deleted : user_pref("CT3287811.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3287811.mam_gk_lastLoginTime", "%B7%B9%BE%BC%BB%BA%BC%BB%B8%BE%BA%BD%BF");
Line Deleted : user_pref("CT3287811.mam_gk_lastLoginTime.enc", "MTM4NjU0NjUyODQ3OQ==");
Line Deleted : user_pref("CT3287811.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3287811.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3287811.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287811.mam_gk_migrated_from_ls", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_migrated_from_ls.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3287811.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287811.mam_gk_settings1.11.5.1", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3287811.mam_gk_settings1.11.5.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMDkiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...]
Line Deleted : user_pref("CT3287811.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3287811.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3287811.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT3287811.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT3287811.mam_gk_userId", "%BB%BC%E8%EA%BB%BC%BB%EC%B3%EA%BF%B9%B9%B3%BA%BE%BC%BE%B3%BE%EB%E8%B6%B3%E9%B9%B7%E9%BE%BC%BF%E8%BF%B8%BD%BE");
Line Deleted : user_pref("CT3287811.mam_gk_userId.enc", "NTZiZDU2NWYtZDkzMy00ODY4LThlYjAtYzMxYzg2OWI5Mjc4");
Line Deleted : user_pref("CT3287811.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3287811.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3287811.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3287811.openThankYouPage", "false");
Line Deleted : user_pref("CT3287811.openUninstallPage", "true");
Line Deleted : user_pref("CT3287811.originalHomepage", "hxxp://vn.yahoo.com/?fr=mkg031");
Line Deleted : user_pref("CT3287811.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=");
Line Deleted : user_pref("CT3287811.originalSearchEngine", "Secure Search");
Line Deleted : user_pref("CT3287811.originalSearchEngineName", "Secure Search");
Line Deleted : user_pref("CT3287811.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3287811.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3287811.search.searchAppId", "130058505012401845");
Line Deleted : user_pref("CT3287811.search.searchCount", "2");
Line Deleted : user_pref("CT3287811.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3287811.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3287811.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3287811.searchRevert", "false");
Line Deleted : user_pref("CT3287811.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3287811.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287811.searchUserMode", "2");
Line Deleted : user_pref("CT3287811.serviceLayer_services_Configuration_lastUpdate", "1387124532386");
Line Deleted : user_pref("CT3287811.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386293806721");
Line Deleted : user_pref("CT3287811.serviceLayer_services_appsMetadata_lastUpdate", "1387124529998");
Line Deleted : user_pref("CT3287811.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386293806631");
Line Deleted : user_pref("CT3287811.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1386293805174");
Line Deleted : user_pref("CT3287811.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1386293811151");
Line Deleted : user_pref("CT3287811.serviceLayer_services_login_10.22.5.10_lastUpdate", "1386383552287");
Line Deleted : user_pref("CT3287811.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386883298426");
Line Deleted : user_pref("CT3287811.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387124520186");
Line Deleted : user_pref("CT3287811.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386293806675");
Line Deleted : user_pref("CT3287811.serviceLayer_services_searchAPI_lastUpdate", "1387124527614");
Line Deleted : user_pref("CT3287811.serviceLayer_services_serviceMap_lastUpdate", "1387124520107");
Line Deleted : user_pref("CT3287811.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387124527589");
Line Deleted : user_pref("CT3287811.serviceLayer_services_toolbarSettings_lastUpdate", "1387124531184");
Line Deleted : user_pref("CT3287811.serviceLayer_services_translation_lastUpdate", "1387124520187");
Line Deleted : user_pref("CT3287811.settingsINI", true);
Line Deleted : user_pref("CT3287811.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3287811.showToolbarPermission", "false");
Line Deleted : user_pref("CT3287811.smartbar.CTID", "CT3287811");
Line Deleted : user_pref("CT3287811.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3287811.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287811.smartbar.toolbarName", "VisualBee V.12 ");
Line Deleted : user_pref("CT3287811.startPage", "true");
Line Deleted : user_pref("CT3287811.toolbarBornServerTime", "6-12-2013");
Line Deleted : user_pref("CT3287811.toolbarCurrentServerTime", "13-12-2013");
Line Deleted : user_pref("CT3287811.toolbarInstallDate", "05-12-2013 13:57:04");
Line Deleted : user_pref("CT3287811.toolbarLoginClientTime", "Thu Dec 05 2013 17:36:51 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3287811.url_history0001", "%F0%E7%FC%E7%F9%E9%F8%EF%F6%FA%C0%ED%EB%F4%EB%F8%E7%FA%EB%D2%EF%F4%F1%AE%AD%EE%FA%FA%F6%C0%B5%B5%FA%FA%E8%B4%EC%EF%F2%EB%F9%E8%FB%F4%F1%EB%F8%B4%E9%F5%F3%B5%EA%[...]
Line Deleted : user_pref("CT3287811.url_history0001.enc", "amF2YXNjcmlwdDpnZW5lcmF0ZUxpbmsoJ2h0dHA6Ly90dGIuZmlsZXNidW5rZXIuY29tL2Rvd25sb2FkL3JlcXVlc3QvNTI1ZTg1NTQ1ZjFjMWU4MTY1MDAwMDA0L0tBTEozSUhKJyk6OjpjbGlja2hhbmRs[...]
Line Deleted : user_pref("CT3287811.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3287811.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN51523499927838298&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.12 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287811");
Line Deleted : user_pref("extensions.crossrider.bic", "13d0dbd53045576312de34fe9bf751bd");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationTime", 1361719917);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.active", true);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundver", 5);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.value", "1361719917");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.value", "1361719917");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.expiration", "Sun Mar 03 2013 18:09:54 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%22141543%26pid%3D1382%5C%22%3A%7Bs%3A%5B%5C%22146368%26pid%3D1392%5C%2[...]
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.expiration", "Sun Mar 03 2013 18:09:54 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.expiration", "Wed Mar 06 2013 13:36:10 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.value", "1362360841");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.value", "%221361906481%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%22142729%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%22142729%26subid%3D%26pid%3D1383%2[...]
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.value", "%221361906531%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.value", "%22142729%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.value", "1362360839940");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.value", "%221383%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.value", "%22148533%22");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.value", "1362000962377");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.description", "Solid Savings");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.domain", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.group", 0);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221F31BE2871CC4F46B0B00081589ED66FIE%22%2C%22installer_verifier%22%3A%22cb84f8c6e32c30[...]
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.value", "7");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.expiration", "Sun Mar 03 2013 23:34:01 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Line Deleted : user_pref("extensions.crossriderapp26278.26278.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.name", "Solid Savings");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.ver", 34);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/26278/plugins/088/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsversion", 4);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp26278.26278.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp26278.26278.ver", 7);
Line Deleted : user_pref("extensions.crossriderapp26278.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp26278.apps", "26278");
Line Deleted : user_pref("extensions.crossriderapp26278.bic", "13d0dbd53045576312de34fe9bf751bd");
Line Deleted : user_pref("extensions.crossriderapp26278.cid", 26278);
Line Deleted : user_pref("extensions.crossriderapp26278.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp26278.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp26278.installationdate", 1361735144);
Line Deleted : user_pref("extensions.crossriderapp26278.lastcheck", 22706014);
Line Deleted : user_pref("extensions.crossriderapp26278.lastcheckitem", 22706045);
Line Deleted : user_pref("extensions.crossriderapp26278.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp26278.reportInstall", true);
Line Deleted : user_pref("extensions.wajam.affiliate_id", "4223");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Deleted : user_pref("extensions.wajam.trace_log", "1374374313962 - onFlagInfoReceived - Server mapping version: 0.21087\n1374374313962 - onFlagInfoReceived - Server mapping version (client-side): 0.21087\n13743[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "A858B7682E7585953E27249EBA280B2C");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");
Line Deleted : user_pref("extensions.wajam.website_version", "1.00274.0");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287811");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN51523499927838298&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN51523499927838298&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287811");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287811");
Line Deleted : user_pref("smartbar.machineId", "VVVPH/ICYA83RETQOO2RXM379FMKCLAVWIHDFBLTAEIIOMRZ59I+W3ZCPARCXZVIWT78T/S7LPSYM+N3G1AJFA");
Line Deleted : user_pref("valueApps.CT3287811./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E06CG5EL8:", "6E6D696C6B6C72737677");
Line Deleted : user_pref("valueApps.CT3287811./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F72717278797C7D242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT3287811./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./[email protected]", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT3287811./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3G>D", "3C3C3C4071723F737A47467A7220754D497E254E7A207C2A24265727552D26275D2E2D2B");
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3287811./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Line Deleted : user_pref("valueApps.CT3287811./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT3287811./9B/>01=9A6K6<IM;[email protected]", false);
Line Deleted : user_pref("valueApps.CT3287811./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT3287811./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B5BA==9CJAG", "6D6B693D6D6E44447A4772794A774C49204A224F7A");
Line Deleted : user_pref("valueApps.CT3287811./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B6B11G4C56B>F;P;ANR@P", "6E6D696C6B6C72737676717474");
Line Deleted : user_pref("valueApps.CT3287811./9B6B11G4C56B>F;P;[email protected]", false);
Line Deleted : user_pref("valueApps.CT3287811./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3287811./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT3287811./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3287811./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3287811./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B<:222H64<L8DAJ", "6D70706F7673737976762A787A727B7D757B21");
Line Deleted : user_pref("valueApps.CT3287811./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT3287811./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT3287811./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT3287811./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT3287811./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3287811.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3287811.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.SF_USER_ID", "6369645F3531323230313331373336353936363635393834");
Line Deleted : user_pref("valueApps.CT3287811.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811._key_cl_active", "38656536303234632D663531352D343734632D626137642D633833383338306231303761");
Line Deleted : user_pref("valueApps.CT3287811._key_cl_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.cbfirsttime", "5468752044656320303520323031332031373A33373A303020474D542D30383030202850616369666963205374616E646172642054696D6529");
Line Deleted : user_pref("valueApps.CT3287811.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appStateReportTime", "31333836383833333039373030");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Clarity_Active", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Clarity_Active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Discover", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Discover.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook_targeted", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Find-a-Pro", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_Find-a-Pro.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_JobsMiner", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_JobsMiner.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_installer_preapproved", "66616C7365");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_installer_preapproved.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_lastLoginTime", "31333836383833333131333137");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_new_welcome_experience.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_settings1.11.5.1.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_userId", "35366264353635662D643933332D343836382D386562302D633331633836396239323738");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3287811.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3287811.url_history0001.storedInFile", true);

*************************

AdwCleaner[R0].txt - [46527 octets] - [27/12/2013 10:01:36]
AdwCleaner[R1].txt - [46588 octets] - [30/12/2013 07:44:51]
AdwCleaner[S0].txt - [47282 octets] - [30/12/2013 07:45:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [47343 octets] ##########


2. The JRT.txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by thanhnguyen on Tue 12/31/2013 at 6:16:05.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\thanhnguyen\appdata\local\solid savings"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\thanhnguyen\AppData\Roaming\mozilla\firefox\profiles\oovskqja.default\searchplugins\bing-zugo.xml
Emptied folder: C:\Users\thanhnguyen\AppData\Roaming\mozilla\firefox\profiles\oovskqja.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/31/2013 at 6:23:47.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


3. The RKReport.txt log

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : thanhnguyen [Admin rights]
Mode : Scan -- Date : 12/31/2013 06:34:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Updater26278.exe : C:\Users\thanhnguyen\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721032CLA362 ATA Device +++++
--- User ---
[MBR] 6f7fa6d2543cb65a725ff3434512af44
[BSP] f94b693582bcbe78d8cbbebfaef8565c : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 288759 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12312013_063431.txt >>



4. The FSS.txt log

Farbar Service Scanner Version: 05-12-2013
Ran by thanhnguyen (administrator) on 31-12-2013 at 06:39:05
Running from "C:\OLIVER"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#13
godawgs
Posted 31 December 2013 - 10:08 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Happy New Year to you also. Well that round got rid of a bunch of rubbish. Are you still getting the Rundll error on startup?
Let's continue. We're gonna run RogueKiller again and remove a bad entry. Then we will check for residual malware files.


Step-1.

Run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click the Scan button and wait for the scan to complete.
  • Click the Registry tab and clear the checboxes next to the following entries:
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • Click on the Delete button.

    Posted Image
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    Posted Image
  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Before running Steps 2 and 3 please disable any screen saver you have running.


Step-2.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue or OK button on the UAC window. You will now be at the main program as shown below.

Posted Image

  • Click the Update tab abd update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
foo.txt
/md5stop


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (C:\Users\thanhnguyen\Downloads folder).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above.
2. The TKReport[S0]_D_date_time.txt log
3. The RKReport[S0]_SC_date_time.txt log
4. The MalwareBytes log
5. The ESET scan log (IF it found anything). If it didn't just tell me.
6. The new OTL.txt log
  • 0

#14
odog
Posted 31 December 2013 - 01:24 PM

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok godawgs, i will be completing and sending stuff on Jan2, in the meantime, HAPPY NEW YEAR and thanks for the help.
  • 0

#15
godawgs
Posted 31 December 2013 - 04:08 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup: Don't forget to answer my question about the rundll error on startup.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP