Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Invisible popup playing in background [Closed]

Started by Izzy1665 , Dec 20 2013 07:34 AM

  • This topic is locked This topic is locked

#1
Izzy1665
Posted 20 December 2013 - 07:34 AM

Izzy1665

    Member

  • Member
  • PipPipPip
  • 121 posts
Somehow we have gotten an "invisible" popup/popunder playing in the background on our computer. Ran a couple of things (Security Essentials, CCleaner, Spybot, & Advanced System Cleaner (ASC found stuff CCleaner didn't)) but no luck removing it. Before continuing with Malwarebytes, HiJackThis, and so on, I Googled this issue and OTL came up as a newer form of HiJackThis so I am going this route instead.

My wife is a couponer so I can only assume she got this infection through some coupon site.


Here is my result:

OTL logfile created on: 12/19/2013 5:51:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Parent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 66.15% Memory free
3.35 Gb Paging File | 2.77 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 113.10 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive D: | 53.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
Drive F: | 14.40 Gb Total Space | 3.19 Gb Free Space | 22.17% Space Free | Partition Type: FAT32

Computer Name: K12-2DDEF1F8D6B | User Name: Parent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/03 01:26:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/02 14:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/12/01 17:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
PRC - [2013/11/29 14:59:02 | 000,770,368 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
PRC - [2013/11/28 17:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 11:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/22 00:31:26 | 000,313,208 | ---- | M] (Updater) -- C:\Documents and Settings\All Users\Application Data\Updater\updater.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/03/26 12:12:56 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.2.1.6\ma\bin\node.exe
PRC - [2013/03/26 12:12:56 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.2.1.6\ma\bin\MAHostService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2002/12/31 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/12/31 07:00:00 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/01 11:22:51 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/12/01 11:14:43 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/12/01 11:14:35 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/12/01 11:14:32 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/12/01 10:23:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/12/01 09:48:32 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/12/01 09:48:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/12/01 09:48:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/12/01 09:48:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/12/01 09:48:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/12/01 09:48:19 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/12/01 09:48:18 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/12/01 09:48:17 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/12/01 09:48:14 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/12/01 09:48:11 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/12/01 09:41:27 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/12/01 09:41:20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/12/01 09:40:49 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/12/01 09:40:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/12/01 09:39:33 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/12/01 09:39:25 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/12/01 09:39:09 | 006,817,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/12/01 09:39:00 | 007,070,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/12/01 09:38:51 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/12/01 09:38:43 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/11/14 16:02:32 | 000,218,944 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\webres.dll
MOD - [2013/01/15 18:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
MOD - [2012/10/18 16:31:16 | 000,240,640 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
MOD - [2012/10/18 16:31:04 | 000,246,784 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
MOD - [2012/10/18 16:30:52 | 000,233,984 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
MOD - [2012/07/12 18:37:54 | 001,380,864 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\libxmljs\build\Release\libxmljs.node
MOD - [2012/06/26 15:40:04 | 000,068,096 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
MOD - [2012/01/03 20:13:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/03 20:13:07 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/03 20:13:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/03 20:13:05 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/03 20:13:05 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/03 20:13:04 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/03 20:13:04 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/03 20:13:04 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/03 20:13:04 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2012/01/03 19:41:33 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/01/03 19:41:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/03 19:41:32 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/03 19:41:32 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2012/01/03 19:41:28 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/03 19:41:28 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/03 19:41:28 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/03 19:41:28 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2012/01/03 19:41:28 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/03 19:41:28 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2012/01/03 19:41:27 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/03 19:41:27 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/03 19:41:27 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/08/13 17:48:20 | 000,488,448 | ---- | M] () -- C:\WINDOWS\system32\apdfprintmon.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/11 03:20:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/02 10:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/28 17:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/27 00:48:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/15 11:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/03/26 12:12:56 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.2.1.6\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/12/31 07:00:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/16 00:58:26 | 007,412,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/18 14:10:15 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2010/04/09 19:26:12 | 005,913,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/02/09 07:56:14 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 17:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/04/16 18:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/12/31 07:00:00 | 001,161,696 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/31 07:00:00 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {134AA755-3ED5-48D9-AE38-8DF0955C066D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...CF29901B4&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 4E 69 67 43 65 CD 01 [binary data]
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{0A75FE62-541A-4C74-ADA5-5D4D95ED210F}: "URL" = http://websearch.ask...31-2D935EAC9FD6
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{134AA755-3ED5-48D9-AE38-8DF0955C066D}: "URL" = http://search.condui...2571500731&UM=2
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-14 16:59:14&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{F613CE83-CCF1-4DE9-8143-A3B5E08097A8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..CT3315827.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "InternetHelper3.6 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=677874"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...F29901B4&SSPV="
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.4723772
FF - prefs.js..extensions.enabledAddons: %7B94625830-343a-4df0-88c1-444d195064d0%7D:10.22.5.510
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130813024103
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.condui...091223&UM=2&q="

FF - user.js..extensions.enabledAddons: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Parent\Local Settings\Application Data\RobloxVersions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Parent\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/02 18:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 10:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/01 14:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/01 14:20:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Social Privacy\FF\

[2010/08/24 15:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Extensions
[2013/12/19 15:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions
[2012/01/18 20:57:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/06 22:37:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/01 09:16:48 | 000,000,000 | ---D | M] (InternetHelper3.6) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}
[2013/12/19 15:52:31 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2013/12/01 13:53:27 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2012/06/28 21:24:19 | 000,550,833 | ---- | M] () (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2013/12/10 07:54:40 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\conduit-search.xml
[2013/12/10 07:54:08 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\internethelper36-customized-web-search.xml
[2013/11/27 00:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 00:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 00:48:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/02 18:50:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2010/11/04 12:00:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/11/04 12:00:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2012/10/12 18:35:10 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/04/11 10:40:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/12 18:35:11 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/31 10:25:44 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 15:59:11 | 000,003,675 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: InternetHelper3.6 = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\
CHR - Extension: InternetHelper3.6 = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Motive Extension = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: Tube Dimmer = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\

O1 HOSTS File: ([2013/12/01 19:01:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files\Social Privacy\sp.dll ()
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Advanced SystemCare Ultimate] C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..Trusted Domains: arise.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E163503C-6C22-4EAF-A1D4-E1F3DB8F4710}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA463FA6-3D52-49ED-9079-4D4BCEF53F9B}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\K12Wallpaper4.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\K12Wallpaper4.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/18 17:45:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 19:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 03:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 17:51:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2013/12/19 17:10:55 | 000,024,384 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/12/19 15:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2013/12/19 15:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2013/12/19 15:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013/12/19 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2013/12/19 15:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/12/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\IObit
[2013/12/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare Ultimate 7
[2013/12/19 15:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/12/16 16:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[2013/12/13 16:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Windows Search
[2013/12/09 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\visi_coupon
[2013/12/06 22:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/12/06 22:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Yahoo!
[2013/12/06 22:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2013/12/06 22:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/12/06 22:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/12/03 19:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
[2013/12/02 13:27:10 | 000,252,288 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2013/12/01 19:16:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/01 18:12:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/01 18:09:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/01 14:43:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Parent\Recent
[2013/12/01 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials_files
[2013/12/01 10:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TubeDimmer
[2013/12/01 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\ApplicationHistory
[2013/12/01 09:28:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/12/01 09:28:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/12/01 09:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Windows Desktop Search
[2013/12/01 09:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/12/01 09:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/12/01 09:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013/11/30 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/11/30 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/11/30 21:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\CRE
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit
[2013/11/30 21:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/30 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\ElevatedDiagnostics
[2013/11/30 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/11/30 20:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/11/29 10:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\Walmart.com_files
[2013/11/28 10:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\BrowserSafeguard
[2013/11/27 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/19 17:31:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/19 17:20:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/19 17:06:27 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare Ultimate 7.lnk
[2013/12/19 17:05:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/19 16:56:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/19 16:55:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 16:55:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
[2013/12/19 16:55:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2013/12/19 16:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/19 16:55:26 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/19 15:52:27 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
[2013/12/19 12:08:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/18 16:36:55 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\ROBLOX Player.lnk
[2013/12/18 16:36:55 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\ROBLOX Studio 2013.lnk
[2013/12/18 08:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/12/17 22:32:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
[2013/12/16 12:27:17 | 000,081,363 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\cake.jpg
[2013/12/14 22:39:38 | 000,045,811 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\mike.jpg
[2013/12/11 03:20:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 03:20:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/06 22:36:34 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/06 22:36:34 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/12/03 02:03:45 | 000,503,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/03 02:03:45 | 000,087,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/02 13:27:12 | 000,252,288 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2013/12/01 19:22:23 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 19:01:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/01 18:12:50 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/12/01 17:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2013/12/01 14:43:00 | 000,178,957 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials.htm
[2013/12/01 14:28:49 | 000,001,526 | ---- | M] () -- C:\WINDOWS\disney.ini
[2013/12/01 14:28:38 | 000,000,057 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2013/12/01 09:58:03 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/01 09:27:43 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/11/30 20:49:30 | 000,000,112 | ---- | M] () -- C:\WINDOWS\ka.ini
[2013/11/29 10:18:48 | 000,266,981 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\Walmart.com.htm
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/19 15:52:27 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
[2013/12/19 15:52:24 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2013/12/19 15:52:01 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare Ultimate 7.lnk
[2013/12/16 12:27:01 | 000,081,363 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\cake.jpg
[2013/12/14 22:39:19 | 000,045,811 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\mike.jpg
[2013/12/06 22:36:34 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/06 22:36:34 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/12/01 19:16:02 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 18:12:49 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013/12/01 18:12:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/01 14:42:55 | 000,178,957 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials.htm
[2013/12/01 09:27:43 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/12/01 09:27:43 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/11/29 10:18:45 | 000,266,981 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\Walmart.com.htm
[2013/11/05 14:08:57 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\rbxcsettings.rbx
[2013/03/28 14:31:30 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2013/03/09 00:50:34 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_oldschool_LIVE.dat
[2013/01/25 12:39:34 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2013/01/25 12:36:07 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2012/12/20 19:00:56 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d3d9caps.dat
[2012/12/20 00:55:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/06 19:51:50 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\recently-used.xbel
[2012/07/15 21:18:05 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\dt.dat
[2012/07/08 17:56:40 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/06 18:27:18 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE1.dat
[2012/03/25 20:17:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 12:06:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 21:31:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2012/02/15 21:31:04 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2012/02/06 00:10:38 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE.dat
[2012/02/06 00:10:38 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Parent\random.dat
[2012/01/04 03:27:37 | 002,405,663 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-97400744-3973020173-3376078148-1003-0.dat
[2012/01/04 03:27:30 | 000,274,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/03 19:02:30 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/02 22:19:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

========== ZeroAccess Check ==========

[2012/07/14 02:55:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L
[2012/07/15 15:53:16 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U
[2012/07/14 21:50:37 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L\00000004.@
[2012/07/14 02:52:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L
[2012/07/18 09:07:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U
[2012/07/14 02:52:06 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L\00000004.@
[2012/01/02 22:17:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2002/12/31 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2002/12/31 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


I am attaching the extras.txt file that also came from running OTL just in case it can be used in some way too.
  • 0

Advertisements

#2
Essexboy
Posted 20 December 2013 - 07:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you appear to have an old Zero access infection. So we will try a one pass kills all fix :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {134AA755-3ED5-48D9-AE38-8DF0955C066D}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...CF29901B4&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{0A75FE62-541A-4C74-ADA5-5D4D95ED210F}: "URL" = http://websearch.ask...31-2D935EAC9FD6
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{134AA755-3ED5-48D9-AE38-8DF0955C066D}: "URL" = http://search.condui...2571500731&UM=2
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-14 16:59:14&v=11.0.0.10&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "InternetHelper3.6 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&CUI=UN39889122511091223&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV="
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B94625830-343a-4df0-88c1-444d195064d0%7D:10.22.5.510
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&SearchSource=2&CUI=UN39889122511091223&UM=2&q="
FF - user.js..extensions.enabledAddons: [email protected]:1.0
[2013/12/01 09:16:48 | 000,000,000 | ---D | M] (InternetHelper3.6) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}
[2013/12/10 07:54:40 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\conduit-search.xml
[2013/12/10 07:54:08 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\internethelper36-customized-web-search.xml
[2012/07/14 15:59:11 | 000,003,675 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files\Social Privacy\sp.dll ()
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
[2013/12/19 15:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2013/12/19 15:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013/12/19 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2013/12/16 16:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[2013/12/03 19:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
[2013/11/30 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/11/30 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/11/30 21:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\CRE
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit
[2013/11/30 21:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/28 10:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\BrowserSafeguard

:Files
C:\Documents and Settings\All Users\Application Data\Updater
C:\Documents and Settings\All Users\Application Data\RHelpers
C:\Program Files\SearchProtect
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}
C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    [img width=426 height=293]http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png[/img]

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
Izzy1665
Posted 21 December 2013 - 09:07 AM

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Ok, ran your instructions in the order you posted, here are the results:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_USERS\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0A75FE62-541A-4C74-ADA5-5D4D95ED210F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A75FE62-541A-4C74-ADA5-5D4D95ED210F}\ not found.
Registry key HKEY_USERS\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Internet Explorer\SearchScopes\{134AA755-3ED5-48D9-AE38-8DF0955C066D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134AA755-3ED5-48D9-AE38-8DF0955C066D}\ not found.
Registry key HKEY_USERS\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "InternetHelper3.6 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://search.condui...F29901B4&SSPV=" removed from browser.startup.homepage
Prefs.js: DivXWebPlayer%40divx.com:2.0.2.039 removed from extensions.enabledAddons
Prefs.js: %7B94625830-343a-4df0-88c1-444d195064d0%7D:10.22.5.510 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "http://search.condui...091223&UM=2&q=" removed from keyword.URL
C:\Documents and Settings\Parent\Application Data\Mozilla\FireFox\Profiles\h38w5cc6.default\user.js moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Plugins folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\modules folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\META-INF folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\lib folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\defaults folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\components\mam folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\components folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\mam\content folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\mam folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\sl folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\lib folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\core folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\options folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\api folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb\al folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\tb folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic\uninstall\dialog\js folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic\uninstall\dialog\images folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic\uninstall\dialog\css folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic\uninstall\dialog folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic\uninstall folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content\logic folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827\content folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome\CT3315827 folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}\Chrome folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0} folder moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\conduit-search.xml moved successfully.
C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\internethelper36-customized-web-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
C:\Program Files\Social Privacy\sp.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
C:\Documents and Settings\All Users\Application Data\Updater\updater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\ProductData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect folder moved successfully.
C:\Program Files\MyPC Backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\Multi\CT3315827 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\Multi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3315827 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging\CT3315827\1_0_0_4 folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging\CT3315827 folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\CRE folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\ChromeExtData\dmkpdpkjmmdacleogmmlinafnhdfdlmp\Repository folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\ChromeExtData\dmkpdpkjmmdacleogmmlinafnhdfdlmp folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\ChromeExtData folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Chrome\CT3315827 folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit\Chrome folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit folder moved successfully.
C:\Program Files\Conduit\CT3315827\plugins folder moved successfully.
C:\Program Files\Conduit\CT3315827 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\BrowserSafeguard folder moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Updater folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper folder moved successfully.
C:\Documents and Settings\All Users\Application Data\RHelpers folder moved successfully.
C:\Program Files\SearchProtect\Main\Logs folder moved successfully.
C:\Program Files\SearchProtect\Main\bin folder moved successfully.
C:\Program Files\SearchProtect\Main folder moved successfully.
C:\Program Files\SearchProtect folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\_locales\en folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\_locales folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\TBHostSupport folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\sl folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\lib folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\core folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\wa folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ui folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\sp folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\options folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\msd folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\api folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\ac folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb\al folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\tb folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages\img folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages\html folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages\css folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages\API folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\NewTabPages folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search\html folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\Search folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\plugins folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\nativeMessaging folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\mam\scripts\contentScripts folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\mam\scripts folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\mam folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js\toolbarAPI folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js\tabs\back folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js\tabs folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js\options folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js\lib folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\js folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0 folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp folder moved successfully.
C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U folder moved successfully.
C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L folder moved successfully.
C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23} folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L folder moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23} folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16188174 bytes
->Java cache emptied: 27 bytes
->Flash cache emptied: 405235 bytes

User: NetworkService
->Temp folder emptied: 142324 bytes
->Temporary Internet Files folder emptied: 33186 bytes
->Java cache emptied: 546 bytes
->Flash cache emptied: 34980 bytes

User: Parent
->Temp folder emptied: 12635812 bytes
->Temporary Internet Files folder emptied: 47525130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65580709 bytes
->Google Chrome cache emptied: 387573078 bytes
->Flash cache emptied: 1399 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 714089 bytes
%systemroot%\System32 .tmp files removed: 129897 bytes
%systemroot%\System32\dllcache .tmp files removed: 140288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1136193 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32557655 bytes

Total Files Cleaned = 539.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212013_083101

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_11704.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_c44.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



**************************************

# AdwCleaner v3.015 - Report created 21/12/2013 at 08:50:37
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Parent - K12-2DDEF1F8D6B
# Running from : C:\Documents and Settings\Parent\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\invalidprefs.js
Folder Found : C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\TubeDimmer
Folder Found C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\Smartbar
Folder Found C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\ValueApps
Folder Found C:\Documents and Settings\Parent\Local Settings\Application Data\Giant Savings
Folder Found C:\Documents and Settings\Parent\Local Settings\Application Data\Searchprotect
Folder Found C:\Documents and Settings\Parent\Local Settings\Application Data\visi_coupon
Folder Found C:\Program Files\GreenTree Applications

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DynConIE
Key Found : HKCU\Software\Giant Savings
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV=

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\prefs.js ]

Line Found : user_pref("CT3315827.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3315827.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3315827.1000234.TWC_TMP_city", "ORLANDO");
Line Found : user_pref("CT3315827.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3315827.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3315827.1000234.TWC_locId", "USFL0372");
Line Found : user_pref("CT3315827.1000234.TWC_location", "Orlando, FL");
Line Found : user_pref("CT3315827.1000234.TWC_region", "US");
Line Found : user_pref("CT3315827.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3315827.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3315827.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.FF19Solved", "true");
Line Found : user_pref("CT3315827.FirstTime", "true");
Line Found : user_pref("CT3315827.FirstTimeFF3", "true");
Line Found : user_pref("CT3315827.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&SearchSource=2&CUI=UN39889122511091223&UM=2&q=");
Line Found : user_pref("CT3315827.UserID", "UN39889122511091223");
Line Found : user_pref("CT3315827.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3315827.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3315827.countryCode", "US");
Line Found : user_pref("CT3315827.defaultSearch", "true");
Line Found : user_pref("CT3315827.embeddedsData", "[{\"appId\":\"130246923221938706\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3315827.enableAlerts", "true");
Line Found : user_pref("CT3315827.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3315827.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3315827.fixPageNotFoundError", "true");
Line Found : user_pref("CT3315827.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3315827.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3315827.fullUserID", "UN39889122511091223.IN.20131130205936");
Line Found : user_pref("CT3315827.installDate", "30/11/2013 20:59:43");
Line Found : user_pref("CT3315827.installId", "stub.exe");
Line Found : user_pref("CT3315827.installSessionId", "{209121C3-E6F8-45C7-BDF7-147748B178A3}");
Line Found : user_pref("CT3315827.installSp", "TRUE");
Line Found : user_pref("CT3315827.installType", "conduitnsisintegration");
Line Found : user_pref("CT3315827.installUsage", "2013-12-01T06:33:54.27336+03:00");
Line Found : user_pref("CT3315827.installUsageEarly", "2013-12-01T06:33:51.1377801+03:00");
Line Found : user_pref("CT3315827.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3315827.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3315827.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3315827.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3315827.keyword", "true");
Line Found : user_pref("CT3315827.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3315827&octid=CT3315827&SearchSource=15&CUI=UN39889122511091223&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3315827.lastVersion", "10.22.5.510");
Line Found : user_pref("CT3315827.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3315827.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fdownloadcenter.netgear.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"Global%20Download%20Center\",\"EB_SEARCH_TERM\":\"\",\"EB_[...]
Line Found : user_pref("CT3315827.openThankYouPage", "false");
Line Found : user_pref("CT3315827.openUninstallPage", "true");
Line Found : user_pref("CT3315827.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV=");
Line Found : user_pref("CT3315827.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid=%7Ba7448ef0-c4be-40c3-8f37-9410c57c8df9%7D&mid=&ds=AVG&v=11.0.0.10&lang=en&pr=fr&d=2012-07-14%2016%3A59%3A14&sap=ku&q[...]
Line Found : user_pref("CT3315827.originalSearchEngine", "Conduit Search");
Line Found : user_pref("CT3315827.originalSearchEngineName", "Conduit Search");
Line Found : user_pref("CT3315827.revertSettingsEnabled", "false");
Line Found : user_pref("CT3315827.search.searchAppId", "130246923221938706");
Line Found : user_pref("CT3315827.search.searchCount", "0");
Line Found : user_pref("CT3315827.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3315827.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3315827.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3315827.searchRevert", "false");
Line Found : user_pref("CT3315827.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3315827.searchUninstallUserMode", "2");
Line Found : user_pref("CT3315827.searchUserMode", "2");
Line Found : user_pref("CT3315827.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3315827\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper36.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.6 \"}");
Line Found : user_pref("CT3315827.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3315827.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3315827.serviceLayer_services_Configuration_lastUpdate", "1386680040351");
Line Found : user_pref("CT3315827.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1385868871737");
Line Found : user_pref("CT3315827.serviceLayer_services_appsMetadata_lastUpdate", "1386680037391");
Line Found : user_pref("CT3315827.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1385868871317");
Line Found : user_pref("CT3315827.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1385868869004");
Line Found : user_pref("CT3315827.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1385868872752");
Line Found : user_pref("CT3315827.serviceLayer_services_login_10.22.5.10_lastUpdate", "1385868872232");
Line Found : user_pref("CT3315827.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386680031394");
Line Found : user_pref("CT3315827.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1385868872022");
Line Found : user_pref("CT3315827.serviceLayer_services_searchAPI_lastUpdate", "1386680037794");
Line Found : user_pref("CT3315827.serviceLayer_services_serviceMap_lastUpdate", "1386680031379");
Line Found : user_pref("CT3315827.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386680036897");
Line Found : user_pref("CT3315827.serviceLayer_services_toolbarSettings_lastUpdate", "1386680036961");
Line Found : user_pref("CT3315827.serviceLayer_services_translation_lastUpdate", "1386680037160");
Line Found : user_pref("CT3315827.settingsINI", true);
Line Found : user_pref("CT3315827.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3315827.showToolbarPermission", "false");
Line Found : user_pref("CT3315827.smartbar.CTID", "CT3315827");
Line Found : user_pref("CT3315827.smartbar.Uninstall", "0");
Line Found : user_pref("CT3315827.smartbar.homepage", "true");
Line Found : user_pref("CT3315827.smartbar.toolbarName", "InternetHelper3.6 ");
Line Found : user_pref("CT3315827.startPage", "true");
Line Found : user_pref("CT3315827.toolbarBornServerTime", "1-12-2013");
Line Found : user_pref("CT3315827.toolbarCurrentServerTime", "10-12-2013");
Line Found : user_pref("CT3315827.toolbarInstallDate", "30-11-2013 20:59:37");
Line Found : user_pref("CT3315827.toolbarLoginClientTime", "Sat Nov 30 2013 22:34:32 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3315827.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3315827.xpeMode", "0");
Line Found : user_pref("CT3315827_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386680081772,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Ba7448ef0-c4be-40c3-8f37-9410c57c8df9%7D&mid=&ds=AVG&v=11.0.0.10&lang=en&pr=fr&d=2012-07-14%2016%3A59%3A14&sap=k[...]
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3315827");
Line Found : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV=");
Line Found : user_pref("extensions.crossrider.bic", "138901d3620baca7992d2b2652758f64");
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1342415337);
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Found : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.affid", "0");
Line Found : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Line Found : user_pref("extensions.crossriderapp4479.4479.backgroundver", 8);
Line Found : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Found : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1342415337");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1342415337");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Fri Jan 18 2013 13:06:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Wed Jan 23 2013 13:01:17 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1358526024");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221357677907%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1346340373030");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_sr[freescore360.com].expiration", "Fri Jan 25 2013 12:20:53 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_sr[freescore360.com].value", "1358529653");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2257040%22");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1346023536487");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/cleaning-storage-hardware/storage/212c261c261/index.cat%22%2C%22host%22%3A%22www.dollartree.com%22%2C%22sch[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Found : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.emailsig", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.exposesites", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Found : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2233C4040C7ED649C99770481F5DFF81C7IE%22%2C%22installer_verifier%22%3A%22d3a16f5260fbec65[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "53");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Fri Jan 18 2013 17:20:24 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Found : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 12);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(d){console.log(d)},factor:1,preinit:function(){_G[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 5);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};(function(){function f(n){return n<10?\"0\"+n:n}if(typeof Date.protot[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&typeo[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 4);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(g){var e={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return g.Class.ex[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=function(c,b){a.when.apply(null[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 1);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var j={};var e=appAPI.appInfo.name;var k=function(q,p,r){var o=\"[\"[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 1);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 2);
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015");
Line Found : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,22,72,1000014,28");
Line Found : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/086/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 26);
Line Found : user_pref("extensions.crossriderapp4479.4479.premium", true);
Line Found : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Line Found : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Found : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp4479.4479.ver", 53);
Line Found : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Found : user_pref("extensions.crossriderapp4479.bic", "138901d3620baca7992d2b2652758f64");
Line Found : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Found : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Found : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp4479.installationdate", 1342447630);
Line Found : user_pref("extensions.crossriderapp4479.lastcheck", 22642100);
Line Found : user_pref("extensions.crossriderapp4479.lastcheckitem", 22642206);
Line Found : user_pref("extensions.crossriderapp4479.misc.lastBgWorkerTimer", "1342447871834");
Line Found : user_pref("extensions.crossriderapp4479.misc.lastDomWorkerTimer", "1342447871831");
Line Found : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Found : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
Line Found : user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1387636696350");
Line Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145,support%40tubedimmerapp.com:2.6.4723772,%7B635abd67-4fe9-1b23-4f01-e679fa[...]
Line Found : user_pref("keyword.url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&SearchSource=2&CUI=UN39889122511091223&UM=2&q=");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [35116 octets] - [21/12/2013 08:50:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [35177 octets] ##########



**************************

ComboFix 13-12-20.01 - Parent 12/21/2013 9:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1047 [GMT -5:00]
Running from: c:\documents and settings\Parent\Desktop\ComboFix.exe
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-21 14:01 . 2013-12-21 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ProductData
2013-12-21 13:50 . 2013-12-21 13:55 -------- d-----w- C:\AdwCleaner
2013-12-21 13:31 . 2013-12-21 13:31 -------- d-----w- C:\_OTL
2013-12-20 22:45 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA40717E-453C-4DBF-A23A-9E6D19522869}\mpengine.dll
2013-12-19 22:10 . 2013-06-27 23:05 24384 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-12-19 21:55 . 2013-12-19 21:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2013-12-19 20:52 . 2013-12-19 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-12-19 20:52 . 2013-12-19 20:52 -------- d-----w- c:\documents and settings\Parent\Application Data\IObit
2013-12-19 20:51 . 2013-12-19 20:52 -------- d-----w- c:\program files\IObit
2013-12-19 00:04 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-13 21:21 . 2013-12-13 21:21 -------- d-----w- c:\documents and settings\Parent\Application Data\Windows Search
2013-12-07 03:37 . 2013-12-09 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-12-07 03:37 . 2013-12-07 03:52 -------- d-----w- c:\documents and settings\Parent\Application Data\Yahoo!
2013-12-07 03:36 . 2013-12-07 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2013-12-07 03:32 . 2013-12-07 03:37 -------- d-----w- c:\program files\Yahoo!
2013-12-02 18:27 . 2013-12-02 18:27 252288 ----a-r- c:\windows\system32\cpnprt2.cid
2013-12-01 14:47 . 2013-12-01 14:48 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\ApplicationHistory
2013-12-01 14:28 . 2013-12-01 14:28 -------- d-----w- c:\windows\system32\winrm
2013-12-01 14:28 . 2013-12-01 14:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-12-01 14:28 . 2013-12-01 14:28 -------- d-----w- c:\documents and settings\Parent\Application Data\Windows Desktop Search
2013-12-01 14:27 . 2013-12-03 07:04 -------- d-----w- c:\program files\Windows Desktop Search
2013-12-01 14:27 . 2013-12-01 14:27 -------- d-----w- c:\windows\system32\GroupPolicy
2013-12-01 14:26 . 2013-12-01 14:26 -------- d-----w- c:\windows\system32\URTTEMP
2013-12-01 01:42 . 2013-12-01 01:42 -------- d-----w- c:\documents and settings\Parent\Application Data\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 08:20 . 2012-04-12 14:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 08:20 . 2012-01-03 15:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2012-01-03 02:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59 . 2002-12-31 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2002-12-31 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2010-08-25 18:18 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2002-12-31 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2002-12-31 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2002-12-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2002-12-31 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2002-12-31 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2002-12-31 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2002-12-31 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2002-12-31 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2002-12-31 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 14:53 . 2013-01-20 20:59 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-19 20:52 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2013-12-19 752448]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Advanced SystemCare Ultimate"="c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" [2013-12-02 2562368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2013-3-28 4545024]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Online plug-in.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Online plug-in.lnk
backup=c:\windows\pss\Online plug-in.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parent^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Parent\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Parent^Start Menu^Programs^Startup^_uninst_.lnk]
path=c:\documents and settings\Parent\Start Menu\Programs\Startup\_uninst_.lnk
backup=c:\windows\pss\_uninst_.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 12:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-04-10 01:01 19523616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-02-16 01:52 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-31 15:25 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" -autorun
"GetBooks"="c:\documents and settings\Parent\Local Settings\Application Data\GetBooks\GetBooks.exe" fc2aafde7034184aa14db6c2aa6a15f5
"PrinterShare"=c:\program files\PrinterShare\paConsole.exe -minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/18/2010 2:10 PM 184888]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [12/19/2013 3:51 PM 886592]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe [12/19/2013 3:51 PM 646976]
R2 ATT MAHostService;ATT MAHostService;c:\program files\ATT\8.2.1.6\ma\bin\MAHostService.exe [3/26/2013 12:12 PM 319488]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [3/28/2013 2:31 PM 266240]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3/28/2013 2:31 PM 1759584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/31/2002 7:00 AM 44800]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [3/28/2013 2:31 PM 57440]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [12/19/2013 3:52 PM 2151232]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [3/28/2013 2:31 PM 360529]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 2:21 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 2:21 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 2:21 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [5/13/2011 2:21 AM 114280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-02 00:22 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:20]
.
2013-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-12-21 c:\windows\Tasks\ASC7_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2013-12-19 19:59]
.
2013-12-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-12-31 12:00]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 01:31]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-07 01:31]
.
2013-12-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
.
2013-12-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-07 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2012-07-14 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV=
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: arise.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP267D4D7D-2459-4D13-960D-830CF29901B4&SSPV=
FF - prefs.js: keyword.url - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&SearchSource=2&CUI=UN39889122511091223&UM=2&q=
FF - ExtSQL: 2013-12-06 22:37; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-12-19 10:52; [email protected]; c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2012-01-05 03:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1a413f37-ed88-4fec-9666-997AF4905D9C} - c:\program files\GreenTree Applications\FLV.com FLV Converter\uninstall.exe
AddRemove-{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} - c:\documents and settings\All Users\Application Data\Updater\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-21 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1592)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ATT\8.2.1.6\ma\bin\node.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-12-21 09:21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-21 14:21
.
Pre-Run: 121,255,817,216 bytes free
Post-Run: 121,244,172,288 bytes free
.
- - End Of File - - 3B4E636CFA15A5CBE978457824AC74B3
8F558EB6672622401DA993E1E865C861
  • 0

#4
Essexboy
Posted 21 December 2013 - 09:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that killed a lot, how is the computer behaving now ?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#5
Izzy1665
Posted 29 December 2013 - 11:45 AM

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.29.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Parent :: K12-2DDEF1F8D6B [administrator]

12/29/2013 12:36:40 PM
mbam-log-2013-12-29 (12-36-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208038
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[email protected] (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.condui...CF29901B4&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\Social Privacy (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Documents and Settings\Parent\My Documents\Downloads\VaudiX.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\Setup (2).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\Setup(1).exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\FlashPlayer_V.22788403c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\FlashPlayer_V.6039acc59e9e136c05bc14410337d53c.exe (Trojan.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\Zombie Survival Guide.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\WhiteSmokeInstaller_9128.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Parent\My Documents\Downloads\WhiteSmokeInstaller_9147.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Social Privacy\code.zip (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files\Social Privacy\r.log (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.
C:\Program Files\Social Privacy\Uninstall.exe (PUP.Optional.SocialPrivacy) -> Quarantined and deleted successfully.

(end)
  • 0

#6
CompCav
Posted 29 December 2013 - 12:24 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi I am standing in for Essexboy until her returns.

How is the computer behaving?

Are you still having any of the initial issues you had when you posted this topic?


Regards,

CompCav
  • 0

#7
Izzy1665
Posted 29 December 2013 - 08:38 PM

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
So far so good. Wife is running it through her work processes now. If any issues come up I will post about them here. Thank you.
  • 0

#8
CompCav
Posted 29 December 2013 - 08:40 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK let me know and if still good we will do a cleanup of the tools that are on your computer.
  • 0

#9
Essexboy
Posted 08 January 2014 - 04:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP