Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

laptop spyware and viruses cleanup [Solved]

Started by x_LUIS_X , Jan 04 2014 05:12 AM

This topic is locked

#1
x_LUIS_X

Posted 04 January 2014 - 05:12 AM

Member

Member
153 posts

hi geeks to go my brothers laptop its been loaded with spyware and viruses a try to uninstall some programs and toolbars using revo unistaller and superantispyware but i think its more deep then that.

i attach the Otl scan log
thank you for help

OTL logfile created on: 1/4/2014 3:14:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cowboys\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 42.44% Memory free
4.49 Gb Paging File | 2.02 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.11 Gb Total Space | 410.74 Gb Free Space | 90.25% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Cowboys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/04 03:10:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboys\Desktop\OTL.exe
PRC - [2013/12/25 19:19:14 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2013/12/16 02:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 02:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 02:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/11/22 15:26:12 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/29 23:21:38 | 002,561,088 | ---- | M] () -- C:\Program Files (x86)\IDMSQ\idmsq.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/07 21:21:44 | 001,083,704 | ---- | M] (PC Health Labs) -- C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe
PRC - [2013/08/07 21:21:26 | 000,489,272 | ---- | M] (PC Health Labs) -- C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
PRC - [2013/07/08 11:33:36 | 001,497,120 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2012/11/22 21:44:08 | 002,716,048 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2012/08/25 01:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012/05/14 11:55:06 | 003,150,928 | ---- | M] (VS Revo Group) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/03 22:44:10 | 000,086,016 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMFA5.tmp
MOD - [2014/01/03 22:44:10 | 000,086,016 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME3C.tmp
MOD - [2014/01/03 22:44:10 | 000,086,016 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM1034.tmp
MOD - [2014/01/03 22:44:09 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMB57.tmp
MOD - [2014/01/03 22:44:09 | 000,086,016 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMDFB.tmp
MOD - [2014/01/03 22:44:08 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMA0D.tmp
MOD - [2014/01/03 22:44:08 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM8A4.tmp
MOD - [2014/01/03 22:44:08 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM75A.tmp
MOD - [2014/01/03 22:44:07 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM5C1.tmp
MOD - [2014/01/03 22:44:07 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM40A.tmp
MOD - [2014/01/03 22:44:06 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMFE47.tmp
MOD - [2014/01/03 22:44:06 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME.tmp
MOD - [2014/01/03 22:44:06 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM243.tmp
MOD - [2014/01/03 22:44:05 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMFBB5.tmp
MOD - [2014/01/03 22:44:05 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMFAC8.tmp
MOD - [2014/01/03 22:44:04 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF8C3.tmp
MOD - [2014/01/03 22:44:04 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF7A8.tmp
MOD - [2014/01/03 22:44:04 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF709.tmp
MOD - [2014/01/03 22:44:03 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF67B.tmp
MOD - [2014/01/03 22:44:03 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF5FC.tmp
MOD - [2014/01/03 22:44:03 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF53E.tmp
MOD - [2014/01/03 22:44:03 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF471.tmp
MOD - [2014/01/03 22:44:03 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF2D9.tmp
MOD - [2014/01/03 22:44:02 | 000,120,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMF23A.tmp
MOD - [2014/01/03 22:44:01 | 000,072,704 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMEB4E.tmp
MOD - [2014/01/03 22:44:01 | 000,072,192 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMED75.tmp
MOD - [2014/01/03 22:44:01 | 000,072,192 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMEC79.tmp
MOD - [2014/01/03 22:44:00 | 000,072,192 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMEADF.tmp
MOD - [2014/01/03 22:44:00 | 000,064,000 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME868.tmp
MOD - [2014/01/03 22:44:00 | 000,057,344 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME9B4.tmp
MOD - [2014/01/03 22:44:00 | 000,053,760 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME8F6.tmp
MOD - [2014/01/03 22:44:00 | 000,053,760 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME75C.tmp
MOD - [2014/01/03 22:43:59 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME70C.tmp
MOD - [2014/01/03 22:43:59 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME61F.tmp
MOD - [2014/01/03 22:43:59 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME3BA.tmp
MOD - [2014/01/03 22:43:59 | 000,056,320 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME514.tmp
MOD - [2014/01/03 22:43:58 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME186.tmp
MOD - [2014/01/03 22:43:58 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEME05B.tmp
MOD - [2014/01/03 22:43:58 | 000,056,832 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMDEA3.tmp
MOD - [2014/01/03 22:43:57 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMDC1F.tmp
MOD - [2014/01/03 22:43:57 | 000,033,792 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\YTMP7MC8AA\TAADE53.tmp
MOD - [2014/01/03 22:43:56 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMDA86.tmp
MOD - [2014/01/03 22:43:56 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMD95B.tmp
MOD - [2014/01/03 22:43:56 | 000,068,608 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMD794.tmp
MOD - [2014/01/03 22:43:55 | 000,075,776 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMD6D3.tmp
MOD - [2014/01/03 22:43:55 | 000,056,320 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMD713.tmp
MOD - [2014/01/03 22:43:55 | 000,055,296 | ---- | M] () -- C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEMD744.tmp
MOD - [2013/12/25 19:19:14 | 000,761,536 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2013/11/22 15:25:50 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/29 23:21:38 | 002,561,088 | ---- | M] () -- C:\Program Files (x86)\IDMSQ\idmsq.exe
MOD - [2012/11/22 21:40:32 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2012/11/22 21:40:32 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2012/11/22 21:40:32 | 000,775,680 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
MOD - [2012/11/22 21:40:32 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2012/11/22 21:40:32 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/12/10 10:10:24 | 000,513,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 17:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2013/12/16 02:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/11/22 15:26:11 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/19 15:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/25 01:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/21 22:28:28 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/28 06:32:28 | 000,524,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/10 20:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 20:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/15 00:09:10 | 012,311,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/01 03:03:18 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 19:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 19:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/20 12:42:06 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/06/22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/11/09 06:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D581C697-E0A1-4E8E-9021-BA85AEF6D57F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...67E526778&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 B7 AF EE 9B 3C CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1C3A39F4-25B8-4177-A958-31A52389F6CE}: "URL" = http://asksearch.ask...={searchTerms}
IE - HKCU\..\SearchScopes\{D581C697-E0A1-4E8E-9021-BA85AEF6D57F}: "URL" = http://search.condui...5414927383&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3298566.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V30 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledAddons: %7Bb0b5a63d-7609-4029-823b-9a3acc4bd1ff%7D:1.135
FF - prefs.js..extensions.enabledAddons: ext%40WebexpEnhancedV1alpha2079.net:1.1
FF - prefs.js..extensions.enabledAddons: %7BF32E7E42-9AFA-47CA-A0C4-D07EE651D404%7D:1.0
FF - prefs.js..extensions.enabledAddons: support%40searchdonkeyapp.com:2.6.49
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: 617adace-7eff-4533-a99b-c3035e421e39%4079b1df57-9584-4f9d-8a2b-ae1803a7ae55.com:0.93.44
FF - prefs.js..extensions.enabledAddons: crossriderapp12555%40crossrider.com:0.93.88
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.124
FF - prefs.js..extensions.enabledAddons: %7B1122b43d-30ee-403f-9bfa-3cc99b0caddd%7D:10.23.0.822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://search.condui...274330&UM=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ff [2013/12/29 17:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b0b5a63d-7609-4029-823b-9a3acc4bd1ff}: C:\Program Files (x86)\Re-markit\135.xpi [2013/11/22 14:52:29 | 000,005,702 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/29 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Extensions
[2014/01/03 23:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions
[2014/01/03 18:01:29 | 000,000,000 | ---D | M] (MixiDJ V30) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
[2013/11/21 10:24:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/29 17:36:57 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/12/29 17:16:27 | 000,000,000 | ---D | M] ("Plus-HD-1.2") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com
[2013/11/22 14:54:04 | 000,000,000 | ---D | M] ("Newzio 1.4") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com
[2014/01/03 18:01:40 | 000,000,000 | ---D | M] ("jollywallet") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2013/07/22 01:31:26 | 000,000,000 | ---D | M] (GetSavin) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack
[2013/12/29 18:29:26 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2013/11/22 14:52:47 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack
[2013/12/29 17:37:39 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2014/01/03 18:01:31 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan
[2014/01/03 02:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData
[2014/01/03 02:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\plugins
[2014/01/03 02:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\userCode
[2014/01/03 02:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData
[2014/01/03 02:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\plugins
[2014/01/03 02:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\userCode
[2014/01/03 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData
[2014/01/03 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\plugins
[2014/01/03 18:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\userCode
[2013/05/31 12:19:14 | 000,053,942 | ---- | M] () (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2014/01/03 17:40:21 | 000,530,247 | ---- | M] () (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2013/04/20 21:47:09 | 000,002,508 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\ask-search.xml
[2014/01/04 02:59:29 | 000,000,969 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit-search.xml
[2013/12/29 17:18:55 | 000,000,850 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit.xml
[2014/01/03 22:43:02 | 000,004,136 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\SweetIM Search.xml
[2013/11/22 15:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/22 15:26:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/22 14:52:29 | 000,005,702 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\RE-MARKIT\135.XPI
[2013/12/29 17:08:04 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF

O1 HOSTS File: ([2013/12/29 17:48:50 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 d2lk34kybukd05.cloudfront.net
O2:64bit: - BHO: (jollywallet) - {11111111-1111-1111-1111-110111251155} - C:\Program Files (x86)\jollywallet\jollywallet-bho64.dll (jollywallet)
O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll (Plus HD)
O2:64bit: - BHO: (Newzio 1.4) - {11111111-1111-1111-1111-110411081152} - C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho64.dll (AlgoClicks)
O2 - BHO: (no name) - {078B4C00-A911-41F3-9FD1-E07ACA3FFA55} - No CLSID value found.
O2 - BHO: (Re-markit) - {0f03b11d-409d-4280-8e9a-1eba82866e4e} - C:\Program Files (x86)\Re-markit\135.dll ()
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} - No CLSID value found.
O2 - BHO: (jollywallet) - {11111111-1111-1111-1111-110111251155} - C:\Program Files (x86)\jollywallet\jollywallet-bho.dll (jollywallet)
O2 - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll (Plus HD)
O2 - BHO: (Newzio 1.4) - {11111111-1111-1111-1111-110411081152} - C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho.dll (AlgoClicks)
O2 - BHO: (Webexp Enhanced) - {1b427ba3-08c1-419d-8a7e-90e527e5a76e} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ie\WebexpEnhancedV1alpha2079.dll ()
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Cowboys\AppData\Local\DownloadTerms\temp.dat ()
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Cowboys\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (Idmsq Extension) - {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\Cowboys\AppData\Roaming\IDMSQ\idmsqext.dll (Or Interactive Ltd)
O2 - BHO: (no name) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - No CLSID value found.
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Cowboys\AppData\Local\DefineExt\temp.dat ()
O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKCU..\Run: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe ()
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [NextLive] C:\Users\Cowboys\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)
O4 - Startup: C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99FDA86E-2988-470C-9036-4E60AD873C82}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43f3e49a-aa2b-11e2-be92-00266cad965b}\Shell - "" = AutoRun
O33 - MountPoints2\{43f3e49a-aa2b-11e2-be92-00266cad965b}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/04 03:10:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cowboys\Desktop\OTL.exe
[2014/01/04 01:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2014/01/04 01:00:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/03 23:31:19 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/01/03 23:31:19 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/01/03 22:43:15 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\SearchProtect
[2014/01/03 21:23:13 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/03 17:32:19 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/03 17:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2014/01/03 17:29:41 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\SUPERAntiSpyware.com
[2014/01/03 17:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/01/03 17:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/01/03 17:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/01/03 17:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/01/03 17:27:47 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/12/29 18:37:20 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\PC Health Kit
[2013/12/29 18:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
[2013/12/29 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\AVG2014
[2013/12/29 18:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Health Kit
[2013/12/29 18:36:25 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\TuneUp Software
[2013/12/29 18:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/29 18:34:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/12/29 18:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/12/29 18:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/12/29 18:31:08 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013/12/29 18:31:08 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013/12/29 18:31:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2013/12/29 18:31:03 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\Avg2014
[2013/12/29 18:30:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/12/29 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\MFAData
[2013/12/29 18:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/12/29 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\Avg2013
[2013/12/29 18:28:11 | 000,837,560 | ---- | C] (Download Manager ) -- C:\Users\Cowboys\Desktop\setup (2).exe
[2013/12/29 17:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2013/12/29 17:48:59 | 000,000,000 | ---D | C] -- C:\MININT
[2013/12/29 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
[2013/12/29 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\IDMSQ
[2013/12/29 17:48:46 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Systweak
[2013/12/29 17:48:44 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/12/29 17:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDMSQ
[2013/12/29 17:47:41 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\IDM2
[2013/12/29 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2013/12/29 17:39:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\VideoBuzz
[2013/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoBuzz
[2013/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoBuzz
[2013/12/29 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/12/29 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/12/29 17:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/12/29 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\Adobe
[2013/12/29 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Fighters
[2013/12/29 17:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2013/12/29 17:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/12/29 17:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2013/12/29 17:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2013/12/29 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2013/12/29 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\ArcadeParlor
[2013/12/29 17:36:37 | 000,835,656 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINCTL5.OCX
[2013/12/29 17:36:37 | 000,499,785 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINUTIL8.DLL
[2013/12/29 17:36:37 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\SysWow64\WINLCTL6.DLL
[2013/12/29 17:36:30 | 000,516,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CapiCom.dll
[2013/12/29 17:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno
[2013/12/29 17:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
[2013/12/29 17:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/29 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/29 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/29 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\.android
[2013/12/29 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\cache
[2013/12/29 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\newnext.me
[2013/12/29 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\genienext
[2013/12/29 17:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
[2013/12/29 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayer
[2013/12/29 17:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/29 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-1.2
[2013/12/29 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\Programs
[2013/12/29 17:08:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/29 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1
[2013/12/09 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/08 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\Documents\Richard

========== Files - Modified Within 30 Days ==========

[2014/01/04 03:10:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cowboys\Desktop\OTL.exe
[2014/01/04 02:54:00 | 000,001,310 | ---- | M] () -- C:\Windows\tasks\Newzio 1.4-updater.job
[2014/01/04 01:33:01 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/01/04 00:48:24 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2014/01/03 23:17:00 | 000,001,348 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-updater.job
[2014/01/03 23:17:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-enabler.job
[2014/01/03 23:16:00 | 000,001,250 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-codedownloader.job
[2014/01/03 23:15:01 | 000,002,124 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-firefoxinstaller.job
[2014/01/03 23:15:01 | 000,001,996 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.2-chromeinstaller.job
[2014/01/03 23:02:33 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/03 23:02:33 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/03 23:02:33 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/03 22:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 22:43:13 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2014/01/03 22:43:07 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2014/01/03 22:42:55 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Cowboys-Notification.job
[2014/01/03 22:42:55 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Re-markit Update.job
[2014/01/03 22:42:55 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Cowboys-Startup.job
[2014/01/03 22:42:45 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/01/03 22:42:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/01/03 22:42:33 | 3267,231,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 17:32:19 | 000,001,007 | ---- | M] () -- C:\Users\Cowboys\Desktop\CCleaner.lnk
[2014/01/03 17:29:23 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/03 17:27:48 | 000,001,264 | ---- | M] () -- C:\Users\Cowboys\Desktop\Revo Uninstaller.lnk
[2014/01/03 02:22:11 | 000,438,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/29 18:36:25 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 18:28:13 | 000,837,560 | ---- | M] (Download Manager ) -- C:\Users\Cowboys\Desktop\setup (2).exe
[2013/12/29 17:49:07 | 000,001,097 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/29 17:49:07 | 000,001,087 | ---- | M] () -- C:\Users\Cowboys\Desktop\MyPC Backup.lnk
[2013/12/29 17:39:46 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\VideoBuzz.lnk
[2013/12/29 17:15:32 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/12/09 15:38:19 | 000,003,159 | ---- | M] () -- C:\Review - Shortcut.lnk

========== Files Created - No Company Name ==========

[2014/01/03 22:32:06 | 000,001,262 | ---- | C] () -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4 - Control Panel.lnk
[2014/01/03 17:32:19 | 000,001,007 | ---- | C] () -- C:\Users\Cowboys\Desktop\CCleaner.lnk
[2014/01/03 17:29:23 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/01/03 17:27:48 | 000,001,264 | ---- | C] () -- C:\Users\Cowboys\Desktop\Revo Uninstaller.lnk
[2014/01/03 02:21:46 | 000,438,536 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/29 18:36:25 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/12/29 17:39:46 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\VideoBuzz.lnk
[2013/12/29 17:38:53 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Cowboys-Notification.job
[2013/12/29 17:38:53 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter64-Cowboys-Startup.job
[2013/12/29 17:36:52 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/29 17:36:48 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\RPCReminder.job
[2013/12/29 17:36:42 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\RegPowerClean.job
[2013/12/29 17:36:36 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\WinCMR.dll
[2013/12/29 17:18:17 | 000,001,097 | ---- | C] () -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/29 17:18:17 | 000,001,087 | ---- | C] () -- C:\Users\Cowboys\Desktop\MyPC Backup.lnk
[2013/12/29 17:17:13 | 000,001,348 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.2-updater.job
[2013/12/29 17:17:02 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.2-enabler.job
[2013/12/29 17:16:45 | 000,001,250 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.2-codedownloader.job
[2013/12/29 17:15:32 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/12/29 17:15:26 | 000,002,124 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.2-firefoxinstaller.job
[2013/12/29 17:15:03 | 000,001,996 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.2-chromeinstaller.job
[2013/12/09 15:38:19 | 000,003,159 | ---- | C] () -- C:\Review - Shortcut.lnk
[2013/11/21 10:21:42 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/09/15 00:07:48 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/09/15 00:07:48 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/09/15 00:07:46 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/09/14 23:49:48 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/04/03 13:00:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\L
[2013/04/03 13:00:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\U
[2013/12/29 17:18:20 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D346F792
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

OTL Extras logfile created on: 1/4/2014 3:14:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cowboys\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 42.44% Memory free
4.49 Gb Paging File | 2.02 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.11 Gb Total Space | 410.74 Gb Free Space | 90.25% Space Free | Partition Type: NTFS

Computer Name: RICHARD | User Name: Cowboys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Windows\SysWow64\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Windows\SysWow64\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B8704-9C44-4D20-9C46-D002DB24EDD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{072E9F91-46D9-4978-A6CB-9DC0CD46BCEA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2118444D-2EA8-43F3-BF95-7910BA3A4C5E}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F06E2A2-0AF2-4517-90F1-9AEA892616BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F41D6EC-2882-4B2B-8033-7516D443DB51}" = lport=137 | protocol=17 | dir=in | app=system |
"{37412B1A-AE6D-46FD-8AC8-43A6A5E72BFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A252507-9C7E-48FC-86E0-CA0BB240B748}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51C0E2ED-62EB-40D7-B331-EF7751D70C53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AF8F941-D3EF-449A-AE6C-E1BE2B7AA62B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5ECB62B9-47B2-4187-85FC-0E8F18A2A43A}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F0A30C6-5CDF-4883-A59F-99904994D741}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8080CEE0-847B-4D7B-B540-A7871DC61F97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85A230A9-8DF4-4F49-A422-6BD27B14EB8A}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C21298F-9013-4FD6-8C66-D4BADE486F5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{93B34C5A-7086-44DC-B8BE-583F42D2600D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CB4A698-FA3E-4D71-A09A-C808CBD68B8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D231723-F93A-4FF6-B4BF-555931E2E3D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B5F586D0-563E-4F6C-A952-35A62B759EFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{C235E0B7-DE0A-4BF7-9E67-FF2562B4FE0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3E24F9F-3A2A-466C-95BF-8876A65F3F59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DC430587-22A1-49E3-858A-816E5A4A155F}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5121C9-0441-41A0-99E9-548B77F8CA93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A80207C-044B-462B-9FD4-57303A7DAABF}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0C01769F-5541-46B8-8FA9-B4C268A393A2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0C1EF04C-6218-4892-851B-81AAE2A5B803}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D7D8580-9C05-4061-97CE-299ED7E9D600}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1B6A12FE-94C0-49AD-A99E-218B572A9606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CBA397B-C33E-4427-8683-3DFD98B2980C}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{230BBF20-337C-42DD-9D62-9CF0D526611B}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{26FD479A-C2E7-4BA9-815B-3DBDD2569769}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B375DB0-BFBB-4FA2-B883-971AD30047C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2D2EC517-2491-43DD-AED1-246B5362850D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{2DA5661A-0286-48B2-A157-0FC6F5AF61CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F981F6E-DF6A-4C30-B5F8-C1465BEB4A57}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{30DD5401-98AD-49E2-B4CE-0370B9941602}" = protocol=58 | dir=out | [email protected],-28546 |
"{3357484D-8B2A-4F72-B671-7CADF12418B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{364CEA90-73E8-4B88-8987-7F325FE87303}" = protocol=1 | dir=out | [email protected],-28544 |
"{40EE01D0-5783-460A-A3C2-7F92DAAF9D41}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4DC8CD32-50DE-4C41-BC2D-517993B24856}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5275FE9C-FC78-40F7-8CD9-CCADFCB1C4A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5ABD2EDE-4F7C-41A9-91B3-671340243FCA}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{5F88414A-964C-4CC0-B914-19B43430A038}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{62CD4448-E0CC-49FF-B755-4E7B7A39246D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{646BAD69-3C97-476B-811D-AF4C6C5DF44A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64787DE6-87FB-46FE-ACBA-B183E8E3FAC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6AEEB339-D44E-4201-9D06-A5C6B591A1AF}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{6B310A11-B30E-474F-810A-A3AAFF4315B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{6C2571C0-45A5-407B-B0BD-A9CF2DF340C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{6CD04080-9540-4D85-92FB-CFCBDD49B330}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{759E9A92-B036-4E4A-9516-22ED38CBCB7B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7992745F-CEBB-46BF-83B7-14B21A742AE6}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{7F8D58D0-A927-4862-87C3-243FF3CCF59B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8333ED0F-F55E-4AD8-B33D-4AF7C5E05176}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8BA80F34-7C68-421D-9EC9-8B713C99B838}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{94AEBAC1-F2A4-49A1-83F9-86255014C6A0}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{97FECC87-2D78-424B-8ED1-5B5E35B287AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{994BD382-0B88-4F6F-96DA-1D54F14F8A02}" = protocol=6 | dir=out | app=system |
"{9DD4DF63-E03B-4982-B59F-691A676F317B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9E2168AB-AA79-4C70-A141-29C8A5D4FED8}" = protocol=1 | dir=in | [email protected],-28543 |
"{9E4DDA52-0E1E-49A3-87E1-6FF6430CB7C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A4F6FAF2-9658-47DA-A4F5-96B1CA6410F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{A8540F15-16A6-4122-9587-FC01B563A277}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{A9ED8E66-0DBB-4F3D-8F24-0E246F1D3A3C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{AD1EFD4E-5F2F-4E4D-A96C-D5B2E23E69D4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{B459163D-7D52-482F-960F-40B3AE83335D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7E5F5DB-CEBA-4893-BFA3-EB0EF021A747}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD76A22F-47CC-4CA1-9B30-78F4DC935322}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5DEBEF7-B64D-4C72-9350-3FF7388DBF71}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C8C3CCB7-A861-42CC-A82E-FF55D7DEF252}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C8E52D02-3A94-4479-8632-3DC8411C67D3}" = protocol=58 | dir=in | [email protected],-28545 |
"{C955A725-C634-46FC-8020-7F097F649895}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C977D9BA-2532-473A-82E9-9AD6151A9B03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D55D82F0-47C7-4405-928F-D56478B27005}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D5914AD7-942D-46E5-BAA0-535B1EC0EEDD}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{DF6B9A75-C469-4BBB-A9D7-0DEA832F3161}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ECC35790-9E64-4D59-8E6A-A1ADA2C2EE61}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F218D9E1-DC0D-4433-8B08-DE1138B0D9ED}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{F5C8C53B-F905-4BB8-BC11-1BDB2A0C4FB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D01A0E-16B6-403D-8EAA-B79D46B15938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F689FDFC-2B88-4784-90C2-B1FA7D765788}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"TCP Query User{219952B2-AE62-4C1F-951A-2DB6F70119CA}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{71B7DDC2-6D79-43BA-889C-EC4810DC0D88}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{8AE15409-765B-472D-BDEA-D946DD2546D6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{FC546CBA-3821-4259-81EB-7E8C8C0C4700}C:\program files (x86)\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"AVG" = AVG 2014
"MyPC Backup" = MyPC Backup
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{B25D67C4-E885-43F8-8085-B532F6261529}" = VideoBuzz
"{ea7fa9ad-26fe-499a-bdc2-c6498a9e085c}" = Re-markit
"Adobe AIR" = Adobe AIR
"CCleaner" = CCleaner
"DMUninstaller" = DMUninstaller
"FrostWire 5" = FrostWire 5.5.5
"IDMSQ" = Internet Download Manager² 1.0
"ImgBurn" = ImgBurn
"jollywallet" = jollywallet
"ManyCam" = ManyCam 3.1.16
"Mobogenie" = Mobogenie
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Newzio 1.4" = Newzio 1.4
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Health Kit_is1" = PC Health Kit v3.2
"Plus-HD-1.2" = Plus-HD-1.2
"PricePeep" = PricePeep
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Revo Uninstaller" = Revo Uninstaller 1.94
"SearchProtect" = Search Protect
"VideoPlayer" = VideoPlayer v2.0.6
"VLC media player" = VLC media player 2.0.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
"Define Ext" = Define Ext
"DownloadTerms" = DownloadTerms

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2013 9:43:31 PM | Computer Name = Richard | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x5123410e Faulting module name: IEFRAME.dll, version: 10.0.9200.16736,
time stamp: 0x5258cf1a Exception code: 0xc0000005 Fault offset: 0x0000000000009fbb
Faulting
process ID: 0x2438 Faulting application start time: 0x01cf050089ba9f97 Faulting application
path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SYSTEM32\IEFRAME.dll
Report
ID: c9060394-70f3-11e3-bea0-00266cad965b Faulting package full name: Faulting package-relative
application ID:

Error - 12/29/2013 9:43:34 PM | Computer Name = Richard | Source = MsiInstaller | ID = 1013
Description =

Error - 12/29/2013 9:55:44 PM | Computer Name = Richard | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26ac Start
Time: 01cf0501d3ed034e Termination Time: 328 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 7a4c7ff9-70f5-11e3-bea0-00266cad965b Faulting package
full name: Faulting package-relative application ID:

Error - 12/29/2013 9:56:27 PM | Computer Name = Richard | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3fa8 Start
Time: 01cf050240599e6c Termination Time: 406 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 9437a08f-70f5-11e3-bea0-00266cad965b Faulting package
full name: Faulting package-relative application ID:

Error - 12/29/2013 9:58:22 PM | Computer Name = Richard | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: ntdll.dll, version: 6.2.9200.16578,
time stamp: 0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting
process ID: 0x5cd4 Faulting application start time: 0x01cf0501b763ef8d Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report ID: dc5182c3-70f5-11e3-bea0-00266cad965b Faulting
package full name: Faulting package-relative application ID:

Error - 12/29/2013 9:58:42 PM | Computer Name = Richard | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4d04 Start
Time: 01cf050129786bed Termination Time: 140 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: e54bd840-70f5-11e3-bea0-00266cad965b Faulting package
full name: Faulting package-relative application ID:

Error - 12/30/2013 5:44:14 PM | Computer Name = Richard | Source = MsiInstaller | ID = 11920
Description =

Error - 1/3/2014 2:28:34 AM | Computer Name = Richard | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.2.9200.16628,
time stamp: 0x51a94434 Faulting module name: twinui.dll, version: 6.2.9200.16680,
time stamp: 0x51fb45f3 Exception code: 0xc0000005 Fault offset: 0x0000000000100be2
Faulting
process ID: 0x4324 Faulting application start time: 0x01cf084cf3ce195a Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\twinui.dll
Report
ID: 44d4f037-7440-11e3-bea0-00266cad965b Faulting package full name: Faulting package-relative
application ID:

Error - 1/3/2014 5:17:08 AM | Computer Name = Richard | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.9200.16384, time
stamp: 0x5010a60b Faulting module name: ntdll.dll, version: 6.2.9200.16578, time
stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x00051e8a Faulting process
ID: 0x6524 Faulting application start time: 0x01cf08648dc5d0e1 Faulting application
path: c:\Windows\syswow64\MsiExec.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
ID: d19cadae-7457-11e3-bea0-00266cad965b Faulting package full name: Faulting package-relative
application ID:

Error - 1/4/2014 1:43:27 AM | Computer Name = Richard | Source = .NET Runtime | ID = 1026
Description =

Error - 1/4/2014 1:43:31 AM | Computer Name = Richard | Source = Application Error | ID = 1000
Description = Faulting application name: slsvc.exe, version: 6.2.9200.16384, time
stamp: 0x50298688 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451,
time stamp: 0x50988aa6 Exception code: 0xe0434352 Fault offset: 0x000000000003811c
Faulting
process ID: 0x95c Faulting application start time: 0x01cf090fd940d118 Faulting application
path: C:\Windows\slsvc.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
ID: 241b2c26-7503-11e3-bea3-b4749f712b1f Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 1/3/2014 5:16:37 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 1/3/2014 5:18:37 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Installer service,
but this action failed with the following error: %%1056

Error - 1/3/2014 5:20:26 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a pre-shutdown control.

Error - 1/3/2014 5:23:01 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 1/3/2014 5:23:01 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 1/3/2014 8:19:53 PM | Computer Name = Richard | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:22:23 AM on ?1/?3/?2014 was unexpected.

Error - 1/3/2014 8:20:30 PM | Computer Name = Richard | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 1/3/2014 8:20:30 PM | Computer Name = Richard | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 1/4/2014 12:27:47 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7034
Description = The AVGIDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 1/4/2014 6:15:23 AM | Computer Name = Richard | Source = Service Control Manager | ID = 7034
Description = The AVGIDSAgent service terminated unexpectedly. It has done this
1 time(s).

< End of report >

#2
Essexboy

Posted 04 January 2014 - 07:45 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there does appear to be a tad adware there

Let me know how the computer is behaving after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2013/12/10 10:10:24 | 000,513,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV - [2013/12/16 02:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\..\SearchScopes,DefaultScope = {D581C697-E0A1-4E8E-9021-BA85AEF6D57F}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...67E526778&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{1C3A39F4-25B8-4177-A958-31A52389F6CE}: "URL" = http://asksearch.ask...={searchTerms}
IE - HKCU\..\SearchScopes\{D581C697-E0A1-4E8E-9021-BA85AEF6D57F}: "URL" = http://search.condui...5414927383&UM=2
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V30 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN12389649343274330&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..extensions.enabledAddons: 617adace-7eff-4533-a99b-c3035e421e39%4079b1df57-9584-4f9d-8a2b-ae1803a7ae55.com:0.93.44
FF - prefs.js..extensions.enabledAddons: crossriderapp12555%40crossrider.com:0.93.88
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.23.4
FF - prefs.js..extensions.enabledAddons: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.124
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12389649343274330&UM=2&q="
[2014/01/03 18:01:29 | 000,000,000 | ---D | M] (MixiDJ V30) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
[2013/12/29 17:36:57 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/12/29 17:16:27 | 000,000,000 | ---D | M] ("Plus-HD-1.2") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com
[2013/11/22 14:54:04 | 000,000,000 | ---D | M] ("Newzio 1.4") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com
[2014/01/03 18:01:40 | 000,000,000 | ---D | M] ("jollywallet") -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2013/07/22 01:31:26 | 000,000,000 | ---D | M] (GetSavin) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack
[2013/11/22 14:52:47 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack
[2013/12/29 17:37:39 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2014/01/03 18:01:31 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan
[2014/01/03 02:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData
[2014/01/03 02:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\plugins
[2014/01/03 02:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\userCode
[2014/01/03 02:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData
[2014/01/03 02:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\plugins
[2014/01/03 02:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\userCode
[2014/01/03 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData
[2014/01/03 18:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\plugins
[2014/01/03 18:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\userCode
[2013/05/31 12:19:14 | 000,053,942 | ---- | M] () (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2014/01/03 17:40:21 | 000,530,247 | ---- | M] () (No name found) -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]
[2013/04/20 21:47:09 | 000,002,508 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\ask-search.xml
[2014/01/04 02:59:29 | 000,000,969 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit-search.xml
[2013/12/29 17:18:55 | 000,000,850 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit.xml
[2014/01/03 22:43:02 | 000,004,136 | ---- | M] () -- C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\SweetIM Search.xml
[2013/11/22 14:52:29 | 000,005,702 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\RE-MARKIT\135.XPI
[2013/12/29 17:08:04 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF
O2:64bit: - BHO: (jollywallet) - {11111111-1111-1111-1111-110111251155} - C:\Program Files (x86)\jollywallet\jollywallet-bho64.dll (jollywallet)
O2:64bit: - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll (Plus HD)
O2:64bit: - BHO: (Newzio 1.4) - {11111111-1111-1111-1111-110411081152} - C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho64.dll (AlgoClicks)
O2 - BHO: (no name) - {078B4C00-A911-41F3-9FD1-E07ACA3FFA55} - No CLSID value found.
O2 - BHO: (Re-markit) - {0f03b11d-409d-4280-8e9a-1eba82866e4e} - C:\Program Files (x86)\Re-markit\135.dll ()
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} - No CLSID value found.
O2 - BHO: (jollywallet) - {11111111-1111-1111-1111-110111251155} - C:\Program Files (x86)\jollywallet\jollywallet-bho.dll (jollywallet)
O2 - BHO: (Plus-HD-1.2) - {11111111-1111-1111-1111-110311121155} - C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll (Plus HD)
O2 - BHO: (Newzio 1.4) - {11111111-1111-1111-1111-110411081152} - C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho.dll (AlgoClicks)
O2 - BHO: (Webexp Enhanced) - {1b427ba3-08c1-419d-8a7e-90e527e5a76e} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ie\WebexpEnhancedV1alpha2079.dll ()
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Cowboys\AppData\Local\DownloadTerms\temp.dat ()
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Cowboys\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (Idmsq Extension) - {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} - C:\Users\Cowboys\AppData\Roaming\IDMSQ\idmsqext.dll (Or Interactive Ltd)
O2 - BHO: (no name) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - No CLSID value found.
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Cowboys\AppData\Local\DefineExt\temp.dat ()
O2 - BHO: (no name) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - No CLSID value found.
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O4 - HKCU..\Run: [NextLive] C:\Users\Cowboys\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
[2013/12/29 17:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2013/12/29 17:39:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\VideoBuzz
[2013/12/29 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoBuzz
[2013/12/29 17:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno
[2013/12/29 17:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winferno
[2013/12/29 17:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/29 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/29 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/29 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Roaming\newnext.me
[2013/12/29 17:16:26 | 000,000,000 | ---D | C] -- C:\Users\Cowboys\AppData\Local\genienext
[2013/12/29 17:08:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/29 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1
[2013/12/09 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/12/29 17:18:17 | 000,001,097 | ---- | C] () -- C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/03 13:00:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\L
[2013/04/03 13:00:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\U
[2013/12/29 17:18:20 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

:Files
C:\Program Files (x86)\SearchProtect

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

#3
x_LUIS_X

Posted 04 January 2014 - 05:16 PM

Member

Topic Starter
Member
153 posts

Thank you Essexboy for your help i can use the internet explorer again without problem this are the logs

otl

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe moved successfully.
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C3A39F4-25B8-4177-A958-31A52389F6CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C3A39F4-25B8-4177-A958-31A52389F6CE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D581C697-E0A1-4E8E-9021-BA85AEF6D57F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D581C697-E0A1-4E8E-9021-BA85AEF6D57F}\ not found.
Prefs.js: "Conduit Search" removed from browser.search.defaultenginename
Prefs.js: "MixiDJ V30 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask Search" removed from browser.search.order.1
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Prefs.js: 617adace-7eff-4533-a99b-c3035e421e39%4079b1df57-9584-4f9d-8a2b-ae1803a7ae55.com:0.93.44 removed from extensions.enabledAddons
Prefs.js: crossriderapp12555%40crossrider.com:0.93.88 removed from extensions.enabledAddons
Prefs.js: wecarereminder%40bryan:4.1.23.4 removed from extensions.enabledAddons
Prefs.js: 39e612de-2951-40c2-ab4a-82e121c42778%404e0cecc2-7c67-4374-bc4c-f15656d80ab7.com:0.93.124 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...274330&UM=2&q=" removed from keyword.URL
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Plugins folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\modules folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\META-INF folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\components\mam folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\components folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\mam\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\mam folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\sl folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\core folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\wa folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\menu folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\gf folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ui folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\sp folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\options\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\options\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\options\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\options folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\msd folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\api folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ac\res folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ac\img folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ac\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\ac folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al\aboutBox folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb\al folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\tb folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic\uninstall\dialog folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic\uninstall folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content\logic folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome\CT3298566 folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\skin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\locale\en-US folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\locale folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\userCode folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\plugins folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\chrome\content\core folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\chrome\content\api folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\chrome\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\skin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\locale\en-US folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\locale folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\userCode folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\plugins folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\chrome\content\core folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\chrome\content\api folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\chrome\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\userCode folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\plugins folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome\content\core folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome\content\api folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected] folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\getsavin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\window folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\system folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\event folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\api-utils folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\locale folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\getsavin@jetpack folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\api-utils folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\resources folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\locale folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\ScorpionSaver@jetpack folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected] folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\META-INF folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\defaults\preferences folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\defaults folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\components folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\chrome\logo folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan\chrome folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\wecarereminder@bryan folder moved successfully.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\plugins\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com\extensionData\userCode\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\plugins\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\617adace-7eff-4533-a99b-c3035e421e39@79b1df57-9584-4f9d-8a2b-ae1803a7ae55.com\extensionData\userCode\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\plugins\ not found.
Folder C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected]\extensionData\userCode\ not found.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected] moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\extensions\[email protected] moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\ask-search.xml moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit-search.xml moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\conduit.xml moved successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\searchplugins\SweetIM Search.xml moved successfully.
C:\Program Files (x86)\Re-markit\135.xpi moved successfully.
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF\chrome\content\icons\default folder moved successfully.
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF\chrome\content\icons folder moved successfully.
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA2079\FF folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111251155}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111251155}\ deleted successfully.
C:\Program Files (x86)\jollywallet\jollywallet-bho64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411081152}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411081152}\ deleted successfully.
C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{078B4C00-A911-41F3-9FD1-E07ACA3FFA55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{078B4C00-A911-41F3-9FD1-E07ACA3FFA55}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f03b11d-409d-4280-8e9a-1eba82866e4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f03b11d-409d-4280-8e9a-1eba82866e4e}\ deleted successfully.
C:\Program Files (x86)\Re-markit\135.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111251155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111251155}\ deleted successfully.
C:\Program Files (x86)\jollywallet\jollywallet-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121155}\ deleted successfully.
C:\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411081152}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411081152}\ deleted successfully.
C:\Program Files (x86)\Newzio 1.4\Newzio 1.4-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b427ba3-08c1-419d-8a7e-90e527e5a76e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b427ba3-08c1-419d-8a7e-90e527e5a76e}\ deleted successfully.
File C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ie\WebexpEnhancedV1alpha2079.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
C:\Users\Cowboys\AppData\Local\DownloadTerms\temp.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ deleted successfully.
C:\Users\Cowboys\AppData\Local\ArcadeParlor\Arcadeparlor.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA4FC9D-FB51-44a2-B09F-0457857CA7C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AA4FC9D-FB51-44a2-B09F-0457857CA7C2}\ deleted successfully.
C:\Users\Cowboys\AppData\Roaming\IDMSQ\idmsqext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
C:\Users\Cowboys\AppData\Local\DefineExt\temp.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ deleted successfully.
File C:\Program Files (x86)\PricePeep\pricepeep.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\Cowboys\AppData\Roaming\newnext.me\nengine.dll moved successfully.
C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.
c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\optimi~1\optpro~1.dll deleted successfully.
C:\ProgramData\Winferno\RegPowerClean folder moved successfully.
C:\ProgramData\Winferno folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{9AA766EC-89D4-48D9-8E01-7B25AF16A1A9} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{545CCF9B-418D-4DFA-8F77-6C953008D770} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{098E866C-4D97-4413-8C9E-8812C30B093F} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\VideoBuzz\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\VideoBuzz\Local Store folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\VideoBuzz\#airversion folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\VideoBuzz folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoBuzz folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno\Registry Power Cleaner folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno folder moved successfully.
C:\Program Files (x86)\Winferno\RegistryPowerCleaner folder moved successfully.
C:\Program Files (x86)\Winferno folder moved successfully.
C:\Program Files\Uninstaller folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup folder moved successfully.
C:\Program Files (x86)\MyPC Backup\~updates folder moved successfully.
C:\Program Files (x86)\MyPC Backup\x86 folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\x64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\MyPC Backup\Resources\keycache scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\Resources scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\Database scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup scheduled to be moved on reboot.
C:\Users\Cowboys\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\Cowboys\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\Cowboys\AppData\Local\genienext folder moved successfully.
C:\Windows\SysWow64\SearchProtect\Logs folder moved successfully.
C:\Windows\SysWow64\SearchProtect folder moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ie folder moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ch folder moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079 folder moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1 folder moved successfully.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
File C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\L folder moved successfully.
C:\$Recycle.bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05\U folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
========== FILES ==========
C:\Program Files (x86)\SearchProtect\UI\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\UI folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\rep folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\Logs folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\Main folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Cowboys
->Temp folder emptied: 27882614 bytes
->Temporary Internet Files folder emptied: 8278865 bytes
->FireFox cache emptied: 51818004 bytes
->Flash cache emptied: 61977 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 48076 bytes
RecycleBin emptied: 198689 bytes

Total Files Cleaned = 85.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01042014_153149

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\MyPC Backup\x64 scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Resources\keycache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Database folder moved successfully.
C:\Program Files (x86)\MyPC Backup\~updates folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\x64 scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup scheduled to be moved on reboot.
C:\Users\Cowboys\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.016 - Report created 04/01/2014 at 15:57:33
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8 Pro with Media Center (64 bits)
# Username : Cowboys - RICHARD
# Running from : C:\Users\Cowboys\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\PC Health Kit
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\Program Files (x86)\Re-markit
Folder Deleted : C:\Program Files (x86)\jollywallet
Folder Deleted : C:\Program Files (x86)\Newzio 1.4
Folder Deleted : C:\Program Files (x86)\Plus-HD-1.2
Folder Deleted : C:\Users\Cowboys\AppData\Local\Conduit
Folder Deleted : C:\Users\Cowboys\AppData\Local\DefineExt
Folder Deleted : C:\Users\Cowboys\AppData\Local\DownloadTerms
Folder Deleted : C:\Users\Cowboys\AppData\Local\getsavin
Folder Deleted : C:\Users\Cowboys\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Cowboys\AppData\Local\jollywallet
Folder Deleted : C:\Users\Cowboys\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cowboys\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cowboys\AppData\LocalLow\jollywallet
Folder Deleted : C:\Users\Cowboys\AppData\LocalLow\Newzio 1.4
Folder Deleted : C:\Users\Cowboys\AppData\LocalLow\Plus-HD-1.2
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\PC Health Kit
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\Smartbar
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\ValueApps
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\Extensions\39e612de-2951-40c2-ab4a-82e121c42778@4e0cecc2-7c67-4374-bc4c-f15656d80ab7.com
Folder Deleted : C:\Users\Cowboys\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
Folder Deleted : C:\Users\Cowboys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl
Folder Deleted : C:\Users\Cowboys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohgcplgnbmgomjjknajcofkchihnbaj
Folder Deleted : C:\Users\Cowboys\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpcbdkoekecjkbjeccbapdkpcmoiloa
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Cowboys\Desktop\MyPC Backup.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\Re-markit Update.job
File Deleted : C:\Windows\System32\Tasks\Re-markit Update
File Deleted : C:\Windows\Tasks\Newzio 1.4-updater.job
File Deleted : C:\Windows\System32\Tasks\Newzio 1.4-updater
File Deleted : C:\Windows\Tasks\Plus-HD-1.2-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.2-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-1.2-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.2-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-1.2-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.2-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-1.2-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.2-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-1.2-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.2-updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Health Kit]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0012555.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031255.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040852.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040852.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040852.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040852.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122252255}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122255}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422082252}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125555}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455085552}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126655}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466086652}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144254455}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124455}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444084452}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{214d6a46-f98e-4030-93a2-23f90b8583ea}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26e819ca-8cfa-44f4-b1db-10a2ba3ca435}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35be7578-e3cf-49d4-b625-bc926608f80d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afb9dd94-30e4-40a1-9cd8-5dd03ad214f8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eb080cc2-35c2-49ae-885b-23ceb0ea8357}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e6bde5c-bba6-44da-a938-91d354b39fb4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9b7c0f37-c9f5-4bce-a46a-0c46ffbc3712}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc1808b2-36b1-445e-83e5-fe69092bffa6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e135e541-0795-47fc-8f39-5404335d386c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f069af69-e6ae-43ed-b544-963741851812}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499aeb8b-4cc8-4394-ad51-f3303f2a6efd}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7edf3256-bd17-4262-9e0c-2dc280b73162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8640a1ee-a666-4c07-b9fc-befd25bee550}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e9d5e14-9713-4f05-bc02-01a9f6173ec1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a85b149f-83ee-4b12-aaaa-35319d3e039e}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122252255}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122255}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422082252}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155255555}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125555}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455085552}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166256655}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126655}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466086652}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{214d6a46-f98e-4030-93a2-23f90b8583ea}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26e819ca-8cfa-44f4-b1db-10a2ba3ca435}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35be7578-e3cf-49d4-b625-bc926608f80d}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afb9dd94-30e4-40a1-9cd8-5dd03ad214f8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eb080cc2-35c2-49ae-885b-23ceb0ea8357}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e6bde5c-bba6-44da-a938-91d354b39fb4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9b7c0f37-c9f5-4bce-a46a-0c46ffbc3712}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc1808b2-36b1-445e-83e5-fe69092bffa6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e135e541-0795-47fc-8f39-5404335d386c}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f069af69-e6ae-43ed-b544-963741851812}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499aeb8b-4cc8-4394-ad51-f3303f2a6efd}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7edf3256-bd17-4262-9e0c-2dc280b73162}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8640a1ee-a666-4c07-b9fc-befd25bee550}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e9d5e14-9713-4f05-bc02-01a9f6173ec1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a85b149f-83ee-4b12-aaaa-35319d3e039e}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\PC Health Kit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\jollywallet
Key Deleted : HKCU\Software\AppDataLow\Software\Newzio 1.4
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\jollywallet
Key Deleted : HKLM\Software\Newzio 1.4
Key Deleted : HKLM\Software\Plus-HD-1.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Kit_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jollywallet
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Newzio 1.4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.2
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\prefs.js ]

Line Deleted : user_pref("CT3298566.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3298566.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3298566.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.FF19Solved", "true");
Line Deleted : user_pref("CT3298566.FirstTime", "true");
Line Deleted : user_pref("CT3298566.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3298566.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MjYyMDk5NQ==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NTA2MzUwMw==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTA=");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3NTA3MDQ4Mg==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM3NDYyMDg3NA==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3NDYyMTEzMg==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=beat%2Bthis%2Bsummer%2Bwith%2Byou&l=www.slack-time.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyNDk0NQ==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=epcc&l=www.epcc.edu&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyMTEwMw==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=google&l=www.bing.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyMTI1OQ==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=miley%2Bcyrus&l=www.youtube.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyMDkyMg==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=netflix&l=my-uq.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDY0NjIyNw==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=netflix&l=www.bing.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDY0NjIyNw==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=we%2Bcan't%2Bstop%2Bmiley%2Bcyrus&l=www.slack-time.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyMTI4Nw==");
Line Deleted : user_pref("CT3298566.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=youtube&l=www.bing.com&t=2&v=0.4&d=conduit2.enc", "MTM3NDYyMDkxOA==");
Line Deleted : user_pref("CT3298566.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.PG_ENABLE.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3298566.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3298566.SF_USER_ID.enc", "Y2lkXzI3NTIwMTMxNDM4MTYxNjEyNzA=");
Line Deleted : user_pref("CT3298566.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12389649343274330&UM=2&q=");
Line Deleted : user_pref("CT3298566.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3298566.UserID", "UN12389649343274330");
Line Deleted : user_pref("CT3298566.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3298566.YTbyClickRecent.enc", "JTVCJTdCJTIyaWQlMjIlM0ElMjJMclV2dTFtbFdjbyUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyTWlsZXklMjBDeXJ1cyUyMC0lMjBXZSUyMENhbid0JTIwU3RvcCUyMiUyQyUyMmF1dGhvciUyMiUzQSUyMk1p[...]
Line Deleted : user_pref("CT3298566._key_edilia__uID", "%E9%EB%EC%BD%B7%B9%E9%BF%B3%BD%BC%E9%BD%B3%BA%B7%B6%BF%B3%E7%E8%EB%B8%B3%EA%B7%BF%EC%EA%B6%BD%E7%EA%BB%E9%EA");
Line Deleted : user_pref("CT3298566._key_edilia__uID.enc", "Y2VmNzEzYzktNzZjNy00MTA5LWFiZTItZDE5ZmQwN2FkNWNk");
Line Deleted : user_pref("CT3298566.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3298566.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3298566.autoDisableScopes", -1);
Line Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298566.cbfirsttime.enc", "TW9uIE1heSAyNyAyMDEzIDE0OjM4OjIwIEdNVC0wNjAwIChNb3VudGFpbiBTdW1tZXIgVGltZSk=");
Line Deleted : user_pref("CT3298566.countryCode", "US");
Line Deleted : user_pref("CT3298566.defaultSearch", "true");
Line Deleted : user_pref("CT3298566.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AyIiwidmVyc2lvbiI6MTB9");
Line Deleted : user_pref("CT3298566.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzc1MDYzODMwMDg4LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3298566.discover-user-id.enc", "IjI0MzNiYmNmLWM5MDgtNDQ0Zi04OTM2LTRjN2UyZjYyYWVlMSI=");
Line Deleted : user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3298566.enableAlerts", "true");
Line Deleted : user_pref("CT3298566.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3298566.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3298566.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3298566.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3298566.fixUrls", true);
Line Deleted : user_pref("CT3298566.fullUserID", "UN12389649343274330.UP.20130627164927");
Line Deleted : user_pref("CT3298566.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3298566.homepageuserchanged", true);
Line Deleted : user_pref("CT3298566.impression_counter.enc", "Mg==");
Line Deleted : user_pref("CT3298566.impression_session_counter", "%B6");
Line Deleted : user_pref("CT3298566.impression_session_counter.enc", "MA==");
Line Deleted : user_pref("CT3298566.impression_session_id", "%A8%BE%EB%E8%E8%BD%BF%EC%B9%B3%E7%BE%EA%BE%B3%BA%B7%B6%B7%B3%BE%BB%BF%B7%B3%EB%BE%B9%BD%BA%BE%B9%B7%B7%B6%B7%BE%A8");
Line Deleted : user_pref("CT3298566.impression_session_id.enc", "IjhlYmI3OWYzLWE4ZDgtNDEwMS04NTkxLWU4Mzc0ODMxMTAxOCI=");
Line Deleted : user_pref("CT3298566.impression_session_last_active", "%B7%B9%BE%BB%B7%BB%B9%B7%BD%BC%B8%B6%B7");
Line Deleted : user_pref("CT3298566.impression_session_last_active.enc", "MTM4NTE1MzE3NjIwMQ==");
Line Deleted : user_pref("CT3298566.installDate", "23/5/2013 10:34:31");
Line Deleted : user_pref("CT3298566.installId", "cid111");
Line Deleted : user_pref("CT3298566.installSessionId", "{153BDA8A-D014-4668-AF7C-3265888EAF59}");
Line Deleted : user_pref("CT3298566.installSp", "TRUE");
Line Deleted : user_pref("CT3298566.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3298566.installUsage", "2013-05-27T23:38:05.3651063+03:00");
Line Deleted : user_pref("CT3298566.installUsageEarly", "2013-05-23T19:42:12.8453203+03:00");
Line Deleted : user_pref("CT3298566.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3298566.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3298566.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3298566.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298566.keyword", "true");
Line Deleted : user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN12389649343274330&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3298566.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3298566.mam_gk_appStateReportTime", "%B7%B9%BE%BB%B7%BB%B9%B7%BC%BC%B8%BB%BD");
Line Deleted : user_pref("CT3298566.mam_gk_appStateReportTime.enc", "MTM4NTE1MzE2NjI1Nw==");
Line Deleted : user_pref("CT3298566.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3298566.mam_gk_appState_Discover_Apps.enc", "b24=");
Line Deleted : user_pref("CT3298566.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3298566.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3298566.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJhcHAxMyIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvZWRpbGlhL2VkaWxpYS5odG1sIiwic2NyaXB0VX[...]
Line Deleted : user_pref("CT3298566.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3298566.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3298566.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_currentBadgeValue.enc", "MA==");
Line Deleted : user_pref("CT3298566.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BA%B4%B8");
Line Deleted : user_pref("CT3298566.mam_gk_currentVersion.enc", "MS4xMS40LjI=");
Line Deleted : user_pref("CT3298566.mam_gk_eventsCache.enc", "eyJjMWUzYjVhMy1iMDFiLTRjMzEtYjMwNi1jMWFjNTIyN2RjOGEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3298566.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3298566.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Deleted : user_pref("CT3298566.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298566.mam_gk_lastLoginTime", "%B7%B9%BE%BB%B7%BB%B9%B7%BC%BC%BF%B7%BE");
Line Deleted : user_pref("CT3298566.mam_gk_lastLoginTime.enc", "MTM4NTE1MzE2NjkxOA==");
Line Deleted : user_pref("CT3298566.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3298566.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_newApps", "%E1%E3");
Line Deleted : user_pref("CT3298566.mam_gk_newApps.enc", "W10=");
Line Deleted : user_pref("CT3298566.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT3298566.mam_gk_settings1.11.4.2", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3298566.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMjIiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3298566.mam_gk_settings1.6.0.99.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzJfMCIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQi[...]
Line Deleted : user_pref("CT3298566.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3298566.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3298566.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3298566.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298566.mam_gk_stamp", "%BE%BC%E5%B6");
Line Deleted : user_pref("CT3298566.mam_gk_stamp.enc", "ODZfMA==");
Line Deleted : user_pref("CT3298566.mam_gk_userId", "%B6%BF%BB%BA%BF%BE%BB%BD%B3%EB%EA%BC%E7%B3%BA%B7%BF%EC%B3%E7%BD%BD%BF%B3%B8%E7%BB%B7%BD%B7%E7%E7%EB%B6%B9%BB");
Line Deleted : user_pref("CT3298566.mam_gk_userId.enc", "MDk1NDk4NTctZWQ2YS00MTlmLWE3NzktMmE1MTcxYWFlMDM1");
Line Deleted : user_pref("CT3298566.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3298566.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3298566.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3298566.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3298566.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F336175-laptop-spyware-and-viruses-cleanup%2Fpage__pid__2363528%23entry2363528\",[...]
Line Deleted : user_pref("CT3298566.openThankYouPage", "false");
Line Deleted : user_pref("CT3298566.openUninstallPage", "true");
Line Deleted : user_pref("CT3298566.originalHomepage", "hxxp://www.search.ask.com/?l=dis&o=APN10271&gct=hp&apn_ptnrs=^AH2&apn_dtid=^zzz000^YY^US&p2=^AH2^zzz000^YY^US&tpid=FWV5-SAT&apn_dbr=ff_19.0&apn_uid=9CD11A50-0B[...]
Line Deleted : user_pref("CT3298566.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298566.originalSearchEngine", "Ask Search");
Line Deleted : user_pref("CT3298566.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3298566.rematchGround-country-code", "%A8%DB%D9%A8");
Line Deleted : user_pref("CT3298566.rematchGround-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3298566.rematch_agent_dups", "%u0101%A8%EE%FA%FA%F6%C0%B5%B5%F9%EB%E7%F8%E9%EE%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%C5%E9%FA%EF%EA%C3%C9%DA%B9%B8%BF%BE%BB%BC%BC%AC%F5%E9%FA%EF%EA%C3%C9%[...]
Line Deleted : user_pref("CT3298566.rematch_agent_dups.enc", "eyJodHRwOi8vc2VhcmNoLmNvbmR1aXQuY29tLz9jdGlkPUNUMzI5ODU2NiZvY3RpZD1DVDMyOTg1NjYmU2VhcmNoU291cmNlPTYxJkNVST1VTjEyMzg5NjQ5MzQzMjc0MzMwJlVNPTImVVA9U1BBRTQxN[...]
Line Deleted : user_pref("CT3298566.rematchagent-periodic-reports", "%u0101%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BE%BB%B7%BB%B9%B7%BC%BF%B6%B6%B9%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3%u0103");
Line Deleted : user_pref("CT3298566.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzg1MTUzMTY5MDAzLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3298566.rematchagent-user-id", "%A8%BF%EA%BC%B8%BD%BE%B8%BE%B3%EB%BB%B6%E7%B3%BA%E9%BA%B9%B3%E7%BA%EC%BD%B3%BB%EA%BB%EA%BB%EC%B8%B7%B6%BA%B9%BA%A8");
Line Deleted : user_pref("CT3298566.rematchagent-user-id.enc", "IjlkNjI3ODI4LWU1MGEtNGM0My1hNGY3LTVkNWQ1ZjIxMDQzNCI=");
Line Deleted : user_pref("CT3298566.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3298566.search.searchAppId", "130110228003246321");
Line Deleted : user_pref("CT3298566.search.searchCount", "0");
Line Deleted : user_pref("CT3298566.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3298566.searchRevert", "true");
Line Deleted : user_pref("CT3298566.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchUserMode", "2");
Line Deleted : user_pref("CT3298566.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298566\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV30.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V30 \"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_services_Configuration_lastUpdate", "1388828461629");
Line Deleted : user_pref("CT3298566.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1388362739045");
Line Deleted : user_pref("CT3298566.serviceLayer_services_appsMetadata_lastUpdate", "1388828461626");
Line Deleted : user_pref("CT3298566.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1388362739199");
Line Deleted : user_pref("CT3298566.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369327331188");
Line Deleted : user_pref("CT3298566.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369687083419");
Line Deleted : user_pref("CT3298566.serviceLayer_services_location_lastUpdate", "1372179784705");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.16.1.902_lastUpdate", "1370559840745");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372179787977");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373488503766");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.16.7.524_lastUpdate", "1374564186701");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377988526754");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.19.2.505_lastUpdate", "1385157403296");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.22.5.510_lastUpdate", "1388795011724");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.23.0.822_lastUpdate", "1388873680618");
Line Deleted : user_pref("CT3298566.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1388362739460");
Line Deleted : user_pref("CT3298566.serviceLayer_services_searchAPI_lastUpdate", "1388828461625");
Line Deleted : user_pref("CT3298566.serviceLayer_services_serviceMap_lastUpdate", "1388828461621");
Line Deleted : user_pref("CT3298566.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388828461624");
Line Deleted : user_pref("CT3298566.serviceLayer_services_toolbarSettings_lastUpdate", "1388873681063");
Line Deleted : user_pref("CT3298566.serviceLayer_services_translation_lastUpdate", "1388828461622");
Line Deleted : user_pref("CT3298566.settingsINI", true);
Line Deleted : user_pref("CT3298566.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3298566.showToolbarPermission", "false");
Line Deleted : user_pref("CT3298566.smartbar.CTID", "CT3298566");
Line Deleted : user_pref("CT3298566.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
Line Deleted : user_pref("CT3298566.startPage", "true");
Line Deleted : user_pref("CT3298566.toolbarBornServerTime", "27-5-2013");
Line Deleted : user_pref("CT3298566.toolbarCurrentServerTime", "4-1-2014");
Line Deleted : user_pref("CT3298566.toolbarLoginClientTime", "Mon May 27 2013 14:38:03 GMT-0600 (Mountain Summer Time)");
Line Deleted : user_pref("CT3298566.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%FD%FD%FD%B4%EA%F8%EF%FC%EB%F8%FB%F6%EA%E7%FA%EB%B4%F4%EB%FA%B5%EF%F4%EF%FA%E5%EA%F2%B4%F6%EE%F6%C5%F6%E7%F8%FA%F4%EB%F8%C3%E7%EC%FA%EB%F8%[...]
Line Deleted : user_pref("CT3298566.url_history0001.enc", "aHR0cDovL3d3dy5kcml2ZXJ1cGRhdGUubmV0L2luaXRfZGwucGhwP3BhcnRuZXI9YWZ0ZXJkb3dubG9hZDo6OmNsaWNraGFuZGxlcjo6OjEzODUxNTk3NDk4MjEsLCxodHRwOi8vd3d3LmRyaXZlcnVwZGF0[...]
Line Deleted : user_pref("CT3298566.versionFromInstaller", "10.16.1.902");
Line Deleted : user_pref("CT3298566.wreck-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3298566.wreck-experiments-craigslistDesign.enc", "eyJuYW1lIjoiYmxhY2siLCJ2ZXJzaW9uIjo0fQ==");
Line Deleted : user_pref("CT3298566.wreck-experiments-youtubeDesign.enc", "eyJuYW1lIjoiZ3JlZW4iLCJ2ZXJzaW9uIjo0fQ==");
Line Deleted : user_pref("CT3298566.wreck-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzcwNTU5NzM4MDcwLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3298566.wreck-user-id.enc", "IjhjYmE4ZDhhLTJkYWUtNGVjZS04MDgyLTUwODkxY2I1ZjQwMSI=");
Line Deleted : user_pref("CT3298566_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388873676282,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN12389649343274330&UM=2&UP=SPAE4151F7-74D1-43A0-8942-67A67E526778");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Conduit Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com&CUI=UN12389649343274330");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3316206&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPAE4151F7-74D1-43A0-8942-67A67E526778");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.InstallationTime", 1388362492);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.active", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.addressbar", "NA");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.addressbarenhanced", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.backgroundver", 3);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.certdomaininstaller", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.changeprevious", false);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)")[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.InstallationTime.value", "%221388362492%22");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000829%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.cookie.jw_token.value", "%227d9e6cd2-2b8d-33f8-b96b-4e0829688c59%22");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.description", "Turn YouTube videos to High Definition by default");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.domain", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.enablesearch", false);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.homepage", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.iframe", false);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22040E40F371BE406D89DC629F85BBC[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000829%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000829%22%2C%22sub_id%22%3A%220%2[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22040E40F371BE406D89DC[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Tim[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_appVer.value", "126");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standar[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_nextCheck.expiration", "Sat Jan 04 2014 21:16:49 GMT-0700 (Mountain Standard [...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain St[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22040E40F3[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Jan 05 2014 03:30:54 GMT-[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//api.bizographics.com/v[...]
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.lastDailyReport", "1388873685577");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.lastUpdate", "1388873809682");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.manifesturl", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.name", "Plus-HD-1.2");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.newtab", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.opensearch", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/31255/plugins/093/ff/plugins.json");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.pluginsversion", 118);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.publisher", "Plus HD");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.searchstatus", 0);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.setnewtab", false);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.thankyou", "");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.updateinterval", 360);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.31255.ver", 126);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.apps", "31255");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.bic", "14281cebbe9a38477f20f4f8edcdbff5");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.cid", 31255);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.firstrun", false);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.hadappinstalled", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.installationdate", 1388362724);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.modetype", "production");
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.reportInstall", true);
Line Deleted : user_pref("extensions.a39e612de295140c2ab4a82e121c427784e0cecc27c674374bc4cf15656d80ab7com31255.statsDailyCounter", 5);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.InstallationTime", 1385157279);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.active", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.addressbar", "NA");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.addressbarenhanced", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.backgroundver", 1);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.certdomaininstaller", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.changeprevious", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)")[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie.InstallationTime.value", "1385157279");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_aoi.value", "%221385158560%22");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_parent_zoneid.value", "%22432849%22");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie._GPL_zoneid.value", "%22433145%22");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.cookie.jw_token.value", "%228c374e90-2447-04f3-9cbe-945c96186fdf%22");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.description", "Trending news content always at your fingertips");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.domain", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.enablesearch", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.homepage", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.iframe", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22040E40F371BE406D89DC629F85BBC[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000393%22%2C%22sub_id%22%3A%220%2[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22040E40F371BE406D89DC[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Tim[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_appVer.value", "65");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standar[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_lastVersion.value", "9");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_nextCheck.expiration", "Sat Jan 04 2014 21:16:49 GMT-0700 (Mountain Standard [...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain St[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb._country_code_.value", "%22US%22");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22040E40F3[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Jan 05 2014 03:30:54 GMT-[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//api.bizographics.com/v[...]
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.lastDailyReport", "1388873674460");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.lastUpdate", "1388873809447");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.manifesturl", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.name", "Newzio 1.4");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.newtab", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.opensearch", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/40852/plugins/093/ff/plugins.json");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.pluginsversion", 47);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.publisher", "AlgoClicks");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.searchstatus", 0);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.setnewtab", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.thankyou", "");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.updateinterval", 360);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.40852.ver", 65);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.apps", "40852");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.bic", "14281cebbe9a38477f20f4f8edcdbff5");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.cid", 40852);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.firstrun", false);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.hadappinstalled", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.installationdate", 1385157279);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.modetype", "production");
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.reportInstall", true);
Line Deleted : user_pref("extensions.a617adace7eff4533a99bc3035e421e3979b1df5795844f9d8a2bae1803a7ae55com40852.statsDailyCounter", 7);
Line Deleted : user_pref("extensions.crossrider.bic", "14281cebbe9a38477f20f4f8edcdbff5");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationTime", 1385157160);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.active", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.addressbar", "NA");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.backgroundver", 21);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallationTime.value", "1385157160");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22101%22%2C%22sub_id%22%3A%2210%22%2C%22uzid%22%3A%222594%22%7D");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.cookie.jw_token.value", "%22ccaa449b-88e5-0878-2de5-9433c0eb99ff%22");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.description", "jollywallet makes you money by giving you cash back when shopping thousands of online merchants such as Gap.com, VictoriasSecret.com, Best[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.domain", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22040E40F371BE406D89DC629F85BBCF7BIE%22%2C%22installer_verifier%22%3A%226dbdd7ae7d2f41[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22101%22%2C%22sub_id%22%3A%2210%22%2C%22uzid%22%3A%222594%22%7D");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_appVer.value", "88");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_lastVersion.value", "464");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_meta.value", "%7B%22images/logo_37x37.png%22%3A%7B%22id%22%3A461575%2C%22ver%22%3A464%2C%22status%22%3A1%2C%22name%22%3A%22images/lo[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_nextCheck.expiration", "Sat Jan 04 2014 21:16:49 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461575.expiration", "Fri Apr 04 2014 05:18:12 GMT-0600 (Mountain Summer Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461575.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAACUAAAAlCAYAAADFniADAAAAAXNSR0IArs4c6QAAAARnQU1BAACx[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461576.expiration", "Sat Mar 29 2014 18:21:34 GMT-0600 (Mountain Summer Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461576.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAABGdBTUEAALGPC/xhBQAAAAlwSFlz[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461577.expiration", "Sat Mar 29 2014 18:21:34 GMT-0600 (Mountain Summer Time)");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.internaldb.Resources_resource_461577.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABGdBTUEAALGPC/xhBQAAAAlwSFlz[...]
Line Deleted : user_pref("extensions.crossriderapp12555.12555.lastDailyReport", "1388873674464");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.lastUpdate", "1388873809589");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.name", "jollywallet");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/12555/plugins/093/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.pluginsversion", 18);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.publisher", "jollywallet");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.thankyou", "hxxp://www.jollywallet.com/jollywallet/welcome");
Line Deleted : user_pref("extensions.crossriderapp12555.12555.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp12555.12555.ver", 88);
Line Deleted : user_pref("extensions.crossriderapp12555.apps", "12555");
Line Deleted : user_pref("extensions.crossriderapp12555.bic", "14281cebbe9a38477f20f4f8edcdbff5");
Line Deleted : user_pref("extensions.crossriderapp12555.cid", 12555);
Line Deleted : user_pref("extensions.crossriderapp12555.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp12555.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp12555.installationdate", 1385157279);
Line Deleted : user_pref("extensions.crossriderapp12555.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp12555.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp12555.statsDailyCounter", 7);
Line Deleted : user_pref("extensions.dynconff.cache.a.advertisernets.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1146_1169_1263_1348_1482_1493_1521_1717\">\r\n <content id=\"MB_P1\">\r\n <n[...]
Line Deleted : user_pref("extensions.dynconff.cache.platform.twitter.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1146_1169_1263_1348_1482_1493_1521_1717\">\r\n <content id=\"MB_P1\">\r\n <n[...]
Line Deleted : user_pref("extensions.dynconff.cache.trackingpurpose.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1146_1169_1263_1348_1482_1493_1521_1717\">\r\n <content id=\"MB_P1\">\r\n <ne[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.bleepingcomputer.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1146_1169_1476_1263_1348_1482_1493_1521_1717\">\r\n <content id=\"MB_P1\">\[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.geekstogo.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1146_1169_1263_1348_1482_1493_1521_1717\">\r\n <content id=\"MB_P1\">\r\n <newj[...]
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN12389649343274330&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN12389649343274330&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?oct[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.machineId", "W9P0NEKEJG79AB+XMXIFBJVLSC23ROHYKVIUKZ9C7EGNZZXSOZTO9WLHM4RRFK7C9ONN7OWOEVOUN5NJFTBNXW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN12389649343274330&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3298566./9B+7E+x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E,x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E-x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E.:2z527", "247E4035422A363879453A7C36412C742E20213128335449563E4A4C2E58583D263F2E324247");
Line Deleted : user_pref("valueApps.CT3298566./9B+7E.:2z527.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E.x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E/x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E06CG5EL8:", "6E6D696A6C6B70746E76");
Line Deleted : user_pref("valueApps.CT3298566./9B+7E06CG5EL8:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F707271767A747C242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("valueApps.CT3298566./9B+7E06CG5EL;8I:K.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E0x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E1x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E2x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E3x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E4x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E5x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E6x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E7x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E8x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E9x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E:x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E;x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E<x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E=x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E>x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7E?x305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./[email protected]", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7EAx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("valueApps.CT3298566./9B+7EBE3G=;D9N9=D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B+7EBx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7ECx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7EDx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B+7Etx305.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3G>D", "6C3C3C6A406B756F7A7245744A204A77794B25517A20542A245753245529292B2E5C5B5D");
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3G>D.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3G@6:5;", "");
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3G@6:5;.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3GFA7EF", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3298566./9B-0?3GFA7EF.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Line Deleted : user_pref("valueApps.CT3298566./9B-3=3ECCJA=F>.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Line Deleted : user_pref("valueApps.CT3298566./9B/>01=9A6K6<IM;[email protected]", false);
Line Deleted : user_pref("valueApps.CT3298566./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("valueApps.CT3298566./9B3=>@44I48?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B5BA==9CJAG", "6C683C6C73406C757A70734946777477207C797B4F");
Line Deleted : user_pref("valueApps.CT3298566./9B5BA==9CJAG.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B6B11G4C56B>F;P;ANR@P", "6E6D696A6C6B7073777878737B");
Line Deleted : user_pref("valueApps.CT3298566./9B6B11G4C56B>F;P;[email protected]", false);
Line Deleted : user_pref("valueApps.CT3298566./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3298566./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B9643G3/9E", "6A");
Line Deleted : user_pref("valueApps.CT3298566./9B9643G3/9E.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B;45>:BI9I7IE", "2B2E2C3D");
Line Deleted : user_pref("valueApps.CT3298566./9B;45>:BI9I7IE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B<:222H64<", "393F352F3E");
Line Deleted : user_pref("valueApps.CT3298566./9B<:222H64<.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B<:222H64<L8DAJ", "6D70706F7673747975722A7879727A77752120");
Line Deleted : user_pref("valueApps.CT3298566./9B<:222H64<L8DAJ.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B=+03EH8H8J?:", "4443");
Line Deleted : user_pref("valueApps.CT3298566./9B=+03EH8H8J?:.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("valueApps.CT3298566./9B?+E2A52D8.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9B?B0D:8AJ62<H", "6D");
Line Deleted : user_pref("valueApps.CT3298566./9B?B0D:8AJ62<H.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566./9BA@0<0BI6A7GN:6@L?", "6C");
Line Deleted : user_pref("valueApps.CT3298566./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.PG_ENABLE", "74727565");
Line Deleted : user_pref("valueApps.CT3298566.PG_ENABLE.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.SF_JUST_INSTALLED", "46414C5345");
Line Deleted : user_pref("valueApps.CT3298566.SF_JUST_INSTALLED.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.SF_STATUS", "454E41424C4544");
Line Deleted : user_pref("valueApps.CT3298566.SF_STATUS.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.SF_USER_ID", "6369645F32393132323031333137313932323731363034");
Line Deleted : user_pref("valueApps.CT3298566.SF_USER_ID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566._key_edilia__uID", "63656637313363392D373663372D343130392D616265322D643139666430376164356364");
Line Deleted : user_pref("valueApps.CT3298566._key_edilia__uID.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.cbfirsttime", "4D6F6E204D617920323720323031332031343A33383A323020474D542D3036303020284D6F756E7461696E2053756D6D65722054696D6529");
Line Deleted : user_pref("valueApps.CT3298566.cbfirsttime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F7032222C2276657273696F6E223A31307D");
Line Deleted : user_pref("valueApps.CT3298566.discover-experiments-photopop.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.discover-periodic-reports", "7B2270696E675F30223A5B313338383833343331303932392C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3298566.discover-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.discover-user-id", "2232343333626263662D633930382D343434662D383933362D34633765326636326165653122");
Line Deleted : user_pref("valueApps.CT3298566.discover-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.ground-country-code", "22555322");
Line Deleted : user_pref("valueApps.CT3298566.ground-country-code.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.impression_counter", "32");
Line Deleted : user_pref("valueApps.CT3298566.impression_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.impression_session_counter", "31");
Line Deleted : user_pref("valueApps.CT3298566.impression_session_counter.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.impression_session_id", "2233366632373764352D326333362D346632662D383031372D32356166333030346539333922");
Line Deleted : user_pref("valueApps.CT3298566.impression_session_id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.impression_session_last_active", "31333838383334333132353031");
Line Deleted : user_pref("valueApps.CT3298566.impression_session_last_active.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appStateReportTime", "31333838383239333930363832");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appStateReportTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_CouponBuddy", "6F6E");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_CouponBuddy.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_Discover_Apps", "6F6E");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_Discover_Apps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_PriceGong", "6F6E");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_PriceGong.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_WindowShopper", "6F6E");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appState_WindowShopper.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appsConfig.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appsDefaultEnabled", "6E756C6C");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_appsDefaultEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_currentBadgeValue", "30");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_currentBadgeValue.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_existingUsersRecoveryDone", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_first_time", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_first_time.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_gadgetOpen", "77656C636F6D65");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_gadgetOpen.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_installer_preapproved", "66616C7365");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_installer_preapproved.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_lastLoginTime", "31333838383239333930393933");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_lastLoginTime.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_mamEnabled", "74727565");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_mamEnabled.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_newApps", "5B5D");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_newApps.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_pgUnloadedOnce", "74727565");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_pgUnloadedOnce.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_settings1.10.4.0.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_settings1.11.4.2.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_settings1.11.5.1.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_settings1.12.0.5.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_showWelcomeGadget", "66616C7365");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_showWelcomeGadget.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_stamp", "38365F30");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_stamp.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_userId", "30393534393835372D656436612D343139662D613737392D326135313731616165303335");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_userId.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_user_approval_interacted.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_welcomeDialogMode", "31");
Line Deleted : user_pref("valueApps.CT3298566.mam_gk_welcomeDialogMode.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D4354333239383536367E38365[...]
Line Deleted : user_pref("valueApps.CT3298566.rematchGround.upstairs.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-is-test-user", "66616C7365");
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-is-test-user.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-matkot-user-id", "22313338383336323736323332343638323334353622");
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-matkot-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-periodic-reports", "7B2270696E675F30223A5B313338383832393738323935352C31343430303030305D7D");
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-periodic-reports.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-user-id", "2239643632373832382D653530612D346334332D613466372D35643564356632313034333422");
Line Deleted : user_pref("valueApps.CT3298566.rematchagent-user-id.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3298566.response_cache.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3298566.url_history0001.storedInFile", true);

*************************

AdwCleaner[R0].txt - [95954 octets] - [04/01/2014 15:48:05]
AdwCleaner[S0].txt - [89644 octets] - [04/01/2014 15:57:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [89705 octets] ##########

#4
Essexboy

Posted 05 January 2014 - 05:30 AM

GeekU Moderator

Retired Staff
69,964 posts

Lots of junk killed there, methinks one more run should finish it off

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Attach the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

#5
x_LUIS_X

Posted 05 January 2014 - 11:02 PM

Member

Topic Starter
Member
153 posts

i have a question which free antivirus its better AvG or Microsoft Security Essencials??
here is the malwarebytes log...

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.05.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Cowboys :: RICHARD [administrator]

Protection: Enabled

1/5/2014 4:08:06 PM
mbam-log-2014-01-05 (16-08-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209062
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE} (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName (PUP.Optional.Adpeak) -> Data: Level Quality Watcher -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 8644669700248400281651623608735077979 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Cowboys\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 18
C:\$Recycle.Bin\S-1-5-21-2441954850-2417779250-457443304-1001\$RBV53J4.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\temp\000.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\temp\scorpionsaver.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\temp\ScorpionSaver.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\temp\t.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Cowboys\Downloads\Setup(1).exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Users\Cowboys\Downloads\Setup.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Users\Cowboys\Downloads\XWXBJwP05VAAo2JpIEGSERQ-fm4Enzo91AtgHLSLOUPP740EttaVmbC6V5BX1aG1jfW6TdpQIcZfoLKaKJtTqQ (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\8d71f364.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\Installer\8d722513.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\Installer\bee7b740.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\d55b904d.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Cowboys\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)

#6
Essexboy

Posted 06 January 2014 - 07:50 AM

GeekU Moderator

Retired Staff
69,964 posts

A difficult question to answer as an antivirus is really down to which one suits you, I have used at some stage both MSES and AVG but I always returned to my normal AV

How is the computer behaving now .. Any noticeable problems ?

#7
x_LUIS_X

Posted 06 January 2014 - 05:00 PM

Member

Topic Starter
Member
153 posts

no problems that i noticed thank you so much what do i do with the programs otl and adwcleaner do i leave them??

#8
x_LUIS_X

Posted 06 January 2014 - 06:48 PM

Member

Topic Starter
Member
153 posts

i found these files with malwarebytes do i removed them??

and in the mozilla browser keeps poping advertaisment page

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Cowboys :: RICHARD [administrator]

Protection: Enabled

1/6/2014 4:06:21 PM
MBAM-log-2014-01-06 (17-35-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342759
Time elapsed: 57 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 34
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe.vir (PUP.Optional.Adpeak) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bg.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\utils.exe.vir (PUP.Optional.PlusHD.A.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PricePeep\uninstall.exe.vir (PUP.Optional.PricePeep.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\Cowboys\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> No action taken.
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Cowboys\.frostwire5\updates\frostwire-5.6.9.windows.coc.premium.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll (PUP.Optional.PlusHD.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll (PUP.Optional.PlusHD.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388362533991 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388364540171 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388367138442 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388367421864 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388367649483 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1388367814244 (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\_OTL\MovedFiles\01042014_153149\C_Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

#9
Essexboy

Posted 07 January 2014 - 07:59 AM

GeekU Moderator

Retired Staff
69,964 posts

They are all in quarantine, but you can remove them

Is it just Firefox with the ad problem ?

#10
x_LUIS_X

Posted 07 January 2014 - 06:05 PM

Member

Topic Starter
Member
153 posts

yes its the ad of Firefox thank so much for your help and time your site its the Best!!!

#11
Essexboy

Posted 08 January 2014 - 07:48 AM

GeekU Moderator

Retired Staff
69,964 posts

OK lets now check out Firefox

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#12
x_LUIS_X

Posted 08 January 2014 - 03:08 PM

Member

Topic Starter
Member
153 posts

this is the log of FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Cowboys (administrator) on RICHARD on 08-01-2014 13:56:29
Running from C:\Users\Cowboys\Downloads
Windows 8 Pro with Media Center (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\sppsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ManyCam LLC) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\IDMSQ\idmsq.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CommonToolkitTray] - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1497120 2013-07-08] (SPAMfighter ApS)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [ManyCam] - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [2716048 2012-11-22] (ManyCam LLC)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [IDMSQ] - C:\Program Files (x86)\IDMSQ\idmsq.exe [2561088 2013-10-29] ()
MountPoints2: {43f3e49a-aa2b-11e2-be92-00266cad965b} - "F:\LaunchU3.exe" -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD694A25A209CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: msn.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: ArcadeParlor - C:\Users\Cowboys\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
FF Extension: Internet Download Manager Squared - C:\Users\Cowboys\AppData\Roaming\Mozilla\Firefox\Profiles\36c045zd.default\Extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ff
FF HKCU\...\Firefox\Extensions: [{b0b5a63d-7609-4029-823b-9a3acc4bd1ff}] - C:\Program Files (x86)\Re-markit\135.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [oapjndoaiphlcmimmenkapolkhknkbkk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ch\WebexpEnhancedV1alpha2079.crx
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Cowboys\AppData\Roaming\IDMSQ\IDMSQ.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SLSvc; C:\Windows\sppsvc.exe [10240 2012-08-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [29696 2012-10-10] (ManyCam LLC)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-02] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-08 13:56 - 2014-01-08 13:56 - 00008811 _____ C:\Users\Cowboys\Downloads\FRST.txt
2014-01-08 13:56 - 2014-01-08 13:56 - 00000000 ____D C:\FRST
2014-01-08 13:43 - 2014-01-08 13:43 - 01931770 _____ (Farbar) C:\Users\Cowboys\Downloads\FRST64.exe
2014-01-08 13:35 - 2014-01-08 13:53 - 00005244 _____ C:\Windows\PFRO.log
2014-01-06 19:38 - 2014-01-06 19:38 - 00000000 ____D C:\Windows\pss
2014-01-05 23:44 - 2014-01-05 23:44 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Macromedia
2014-01-05 23:14 - 2014-01-05 23:14 - 00438536 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-05 22:39 - 2014-01-08 13:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 22:39 - 2014-01-05 22:39 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-05 22:16 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-05 22:16 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-05 22:16 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-05 22:16 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-05 22:16 - 2013-10-27 22:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-05 22:16 - 2013-10-27 21:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-05 22:16 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-05 22:16 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-05 22:16 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-05 22:16 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-05 22:16 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-05 00:07 - 2014-01-05 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-04 19:34 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-04 19:34 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-04 19:34 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-04 19:34 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-04 19:34 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-04 19:34 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-04 19:33 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-04 19:33 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-04 19:33 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-01-04 19:33 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-04 19:33 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-04 19:33 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-04 19:33 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-04 19:33 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-04 19:33 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-04 19:33 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-04 19:33 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-04 19:33 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-04 19:32 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-04 19:32 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-04 19:32 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-04 19:32 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-04 19:32 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-04 19:32 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-04 19:32 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-01-04 19:32 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-04 19:32 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-04 19:32 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-04 19:32 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-01-04 19:32 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-04 19:32 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-04 19:32 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-01-04 19:32 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-01-04 19:32 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-01-04 19:32 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-01-04 19:32 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-04 19:32 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-04 19:32 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-04 19:32 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-01-04 19:32 - 2013-10-03 15:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2014-01-04 19:32 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-01-04 19:32 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-01-04 19:32 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-01-04 19:32 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-04 19:32 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-04 19:32 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-01-04 19:32 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-01-04 19:32 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-01-04 19:32 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-01-04 15:47 - 2014-01-04 15:58 - 00000000 ____D C:\AdwCleaner
2014-01-04 15:31 - 2014-01-04 15:31 - 00000000 ____D C:\_OTL
2014-01-04 04:15 - 2014-01-04 04:15 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Malwarebytes
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 04:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-04 01:04 - 2014-01-04 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-03 23:31 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-03 23:31 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-03 22:32 - 2014-01-03 22:32 - 00001262 _____ C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4 - Control Panel.lnk
2014-01-03 21:23 - 2014-01-03 22:42 - 00000000 ____D C:\SUPERDelete
2014-01-03 17:29 - 2014-01-06 20:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-03 17:27 - 2014-01-07 16:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-29 18:37 - 2013-12-29 18:37 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\AVG2014
2013-12-29 18:36 - 2013-12-29 18:36 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-29 18:36 - 2013-12-29 18:36 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\TuneUp Software
2013-12-29 18:34 - 2013-12-29 18:36 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-29 18:34 - 2013-12-29 18:34 - 00000000 ___HD C:\$AVG
2013-12-29 18:33 - 2013-12-29 18:33 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-29 18:31 - 2013-12-29 18:45 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Avg2014
2013-12-29 18:31 - 2013-09-30 08:53 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-12-29 18:31 - 2013-09-30 08:53 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-12-29 18:30 - 2014-01-08 13:41 - 00000000 ____D C:\ProgramData\MFAData
2013-12-29 18:30 - 2013-12-29 18:30 - 00000000 ____D C:\Users\Cowboys\AppData\Local\MFAData
2013-12-29 18:30 - 2013-12-29 18:30 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Avg2013
2013-12-29 17:48 - 2014-01-08 13:54 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\IDMSQ
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\Program Files (x86)\IDMSQ
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\MININT
2013-12-29 17:47 - 2013-12-29 17:49 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\IDM2
2013-12-29 17:39 - 2014-01-05 22:42 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Adobe
2013-12-29 17:39 - 2013-12-29 17:39 - 00000949 _____ C:\Users\Public\Desktop\VideoBuzz.lnk
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\ProgramData\Adobe
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Program Files (x86)\VideoBuzz
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-29 17:38 - 2014-01-08 13:53 - 00000404 _____ C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Notification.job
2013-12-29 17:38 - 2014-01-08 13:53 - 00000402 _____ C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Startup.job
2013-12-29 17:38 - 2014-01-03 21:26 - 00000000 ____D C:\Program Files\Fighters
2013-12-29 17:38 - 2013-12-29 17:48 - 00000000 ____D C:\ProgramData\Fighters
2013-12-29 17:38 - 2013-12-29 17:38 - 00003442 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Cowboys-Notification
2013-12-29 17:38 - 2013-12-29 17:38 - 00002764 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Cowboys-Startup
2013-12-29 17:38 - 2013-12-29 17:38 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Fighters
2013-12-29 17:38 - 2013-12-29 17:38 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-12-29 17:36 - 2014-01-08 13:53 - 00000458 _____ C:\Windows\Tasks\RegPowerClean.job
2013-12-29 17:36 - 2014-01-06 15:48 - 00000296 _____ C:\Windows\Tasks\ArcadeParlor.job
2013-12-29 17:36 - 2014-01-04 15:07 - 00000444 _____ C:\Windows\Tasks\RPCReminder.job
2013-12-29 17:36 - 2013-12-29 17:41 - 00003128 _____ C:\Windows\System32\Tasks\RPCReminder
2013-12-29 17:36 - 2013-12-29 17:36 - 00003202 _____ C:\Windows\System32\Tasks\RegPowerClean
2013-12-29 17:36 - 2013-12-29 17:36 - 00003140 _____ C:\Windows\System32\Tasks\ArcadeParlor
2013-12-29 17:36 - 2013-12-29 17:36 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2013-12-29 17:36 - 2010-10-26 11:07 - 00499785 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINUTIL8.DLL
2013-12-29 17:36 - 2010-09-01 15:59 - 00835656 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINCTL5.OCX
2013-12-29 17:36 - 2010-01-14 10:31 - 00425984 _____ C:\Windows\SysWOW64\WinCMR.dll
2013-12-29 17:36 - 2009-06-05 11:06 - 00516832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapiCom.dll
2013-12-29 17:36 - 2009-06-05 11:04 - 00393216 _____ (Capital Intellect Inc) C:\Windows\SysWOW64\WINLCTL6.DLL
2013-12-29 17:16 - 2014-01-04 04:21 - 00000662 _____ C:\Users\Cowboys\daemonprocess.txt
2013-12-29 17:16 - 2013-12-29 17:16 - 00000000 ____D C:\Users\Cowboys\AppData\Local\cache
2013-12-29 17:16 - 2013-12-29 17:16 - 00000000 ____D C:\Users\Cowboys\.android
2013-12-29 17:15 - 2013-12-29 17:15 - 00001033 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-12-29 17:15 - 2013-12-29 17:15 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-12-09 15:38 - 2013-12-09 15:38 - 00003159 _____ C:\Review - Shortcut.lnk

==================== One Month Modified Files and Folders =======

2014-01-08 13:56 - 2014-01-08 13:56 - 00008811 _____ C:\Users\Cowboys\Downloads\FRST.txt
2014-01-08 13:56 - 2014-01-08 13:56 - 00000000 ____D C:\FRST
2014-01-08 13:56 - 2014-01-05 22:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 13:54 - 2013-12-29 17:48 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\IDMSQ
2014-01-08 13:53 - 2014-01-08 13:35 - 00005244 _____ C:\Windows\PFRO.log
2014-01-08 13:53 - 2013-12-29 17:38 - 00000404 _____ C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Notification.job
2014-01-08 13:53 - 2013-12-29 17:38 - 00000402 _____ C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Startup.job
2014-01-08 13:53 - 2013-12-29 17:36 - 00000458 _____ C:\Windows\Tasks\RegPowerClean.job
2014-01-08 13:53 - 2012-12-05 22:06 - 00000290 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-08 13:53 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 13:52 - 2013-04-20 21:43 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2014-01-08 13:43 - 2014-01-08 13:43 - 01931770 _____ (Farbar) C:\Users\Cowboys\Downloads\FRST64.exe
2014-01-08 13:43 - 2012-07-26 00:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-08 13:41 - 2013-12-29 18:30 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 13:41 - 2012-12-05 16:55 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2441954850-2417779250-457443304-1001
2014-01-08 13:37 - 2013-07-22 01:35 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Skype
2014-01-07 16:50 - 2014-01-03 17:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2014-01-06 20:24 - 2014-01-03 17:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-06 20:10 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-06 20:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-06 19:38 - 2014-01-06 19:38 - 00000000 ____D C:\Windows\pss
2014-01-06 19:38 - 2012-12-05 16:49 - 00000000 ___RD C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 19:31 - 2013-04-20 21:44 - 00000000 ____D C:\Users\Cowboys\.frostwire5
2014-01-06 15:48 - 2013-12-29 17:36 - 00000296 _____ C:\Windows\Tasks\ArcadeParlor.job
2014-01-06 03:30 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2014-01-06 00:20 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache
2014-01-05 23:44 - 2014-01-05 23:44 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Macromedia
2014-01-05 23:14 - 2014-01-05 23:14 - 00438536 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-05 23:14 - 2012-12-05 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 23:12 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2014-01-05 23:12 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\en-GB
2014-01-05 22:42 - 2013-12-29 17:39 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Adobe
2014-01-05 22:39 - 2014-01-05 22:39 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-05 22:06 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe
2014-01-05 21:55 - 2012-12-05 17:08 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Mozilla
2014-01-05 21:47 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2014-01-05 00:07 - 2014-01-05 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-04 15:58 - 2014-01-04 15:47 - 00000000 ____D C:\AdwCleaner
2014-01-04 15:31 - 2014-01-04 15:31 - 00000000 ____D C:\_OTL
2014-01-04 15:07 - 2013-12-29 17:36 - 00000444 _____ C:\Windows\Tasks\RPCReminder.job
2014-01-04 04:21 - 2013-12-29 17:16 - 00000662 _____ C:\Users\Cowboys\daemonprocess.txt
2014-01-04 04:15 - 2014-01-04 04:15 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Malwarebytes
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 04:15 - 2014-01-04 04:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 03:14 - 2012-12-06 10:53 - 00000000 ____D C:\Users\Cowboys\Desktop\richards picture and music save
2014-01-04 01:13 - 2012-12-05 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-04 01:11 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-04 01:11 - 2012-07-25 22:26 - 00000167 _____ C:\Windows\win.ini
2014-01-04 01:04 - 2014-01-04 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-04 01:04 - 2013-11-26 14:40 - 00000000 ____D C:\Windows\system32\MRT
2014-01-04 01:01 - 2012-12-20 19:20 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-03 22:42 - 2014-01-03 21:23 - 00000000 ____D C:\SUPERDelete
2014-01-03 22:32 - 2014-01-03 22:32 - 00001262 _____ C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4 - Control Panel.lnk
2014-01-03 21:26 - 2013-12-29 17:38 - 00000000 ____D C:\Program Files\Fighters
2014-01-03 02:21 - 2012-12-22 08:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-03 02:21 - 2012-12-22 08:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-03 02:20 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-03 02:08 - 2012-12-05 22:06 - 00000000 ____D C:\Windows\AutoKMS
2013-12-29 18:45 - 2013-12-29 18:31 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Avg2014
2013-12-29 18:37 - 2013-12-29 18:37 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\AVG2014
2013-12-29 18:36 - 2013-12-29 18:36 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-29 18:36 - 2013-12-29 18:36 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\TuneUp Software
2013-12-29 18:36 - 2013-12-29 18:34 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-29 18:36 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-12-29 18:34 - 2013-12-29 18:34 - 00000000 ___HD C:\$AVG
2013-12-29 18:33 - 2013-12-29 18:33 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-29 18:30 - 2013-12-29 18:30 - 00000000 ____D C:\Users\Cowboys\AppData\Local\MFAData
2013-12-29 18:30 - 2013-12-29 18:30 - 00000000 ____D C:\Users\Cowboys\AppData\Local\Avg2013
2013-12-29 17:49 - 2013-12-29 17:47 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\IDM2
2013-12-29 17:49 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\Resources
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\Program Files (x86)\IDMSQ
2013-12-29 17:48 - 2013-12-29 17:48 - 00000000 ____D C:\MININT
2013-12-29 17:48 - 2013-12-29 17:38 - 00000000 ____D C:\ProgramData\Fighters
2013-12-29 17:41 - 2013-12-29 17:36 - 00003128 _____ C:\Windows\System32\Tasks\RPCReminder
2013-12-29 17:39 - 2013-12-29 17:39 - 00000949 _____ C:\Users\Public\Desktop\VideoBuzz.lnk
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\ProgramData\Adobe
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Program Files (x86)\VideoBuzz
2013-12-29 17:39 - 2013-12-29 17:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-29 17:39 - 2012-12-05 16:49 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Adobe
2013-12-29 17:38 - 2013-12-29 17:38 - 00003442 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Cowboys-Notification
2013-12-29 17:38 - 2013-12-29 17:38 - 00002764 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Cowboys-Startup
2013-12-29 17:38 - 2013-12-29 17:38 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Fighters
2013-12-29 17:38 - 2013-12-29 17:38 - 00000000 ____D C:\Program Files (x86)\Fighters
2013-12-29 17:36 - 2013-12-29 17:36 - 00003202 _____ C:\Windows\System32\Tasks\RegPowerClean
2013-12-29 17:36 - 2013-12-29 17:36 - 00003140 _____ C:\Windows\System32\Tasks\ArcadeParlor
2013-12-29 17:36 - 2013-12-29 17:36 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2013-12-29 17:16 - 2013-12-29 17:16 - 00000000 ____D C:\Users\Cowboys\AppData\Local\cache
2013-12-29 17:16 - 2013-12-29 17:16 - 00000000 ____D C:\Users\Cowboys\.android
2013-12-29 17:16 - 2012-12-05 16:48 - 00000000 ____D C:\Users\Cowboys
2013-12-29 17:15 - 2013-12-29 17:15 - 00001033 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-12-29 17:15 - 2013-12-29 17:15 - 00000000 ____D C:\Program Files (x86)\VideoPlayer
2013-12-10 17:31 - 2013-12-08 20:42 - 00000000 ____D C:\Users\Cowboys\Documents\Richard
2013-12-09 15:38 - 2013-12-09 15:38 - 00003159 _____ C:\Review - Shortcut.lnk

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2441954850-2417779250-457443304-1001\$6b2a20d155397d57cb619a8e14385e05

Some content of TEMP:
====================
C:\Users\Cowboys\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-07 17:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Cowboys at 2014-01-08 13:57:43
Running from C:\Users\Cowboys\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Define Ext (HKCU Version: 8 - DefineExt.com)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
FrostWire 5.5.5 (x32 Version: 5.5.5.0 - FrostWire Team)
ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!)
Internet Download Manager² 1.0 (x32 Version: 1.0 - OR Interactive Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 3.1.16 (x32 Version: 3.1.16 - ManyCam LLC)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 17.0.8.21 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VideoBuzz (x32 Version: 1.0.0 - InstallX, LLC)
VideoPlayer v2.0.6 (x32 Version: v2.0.6 - TUGUU SL)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (x32 Version: 2.0.4 - VideoLAN)

==================== Restore Points =========================

07-01-2014 23:57:14 System Cleanup

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-01-04 15:39 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C052E56-47C4-4D42-BCFC-0BD92C783751} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {0F9CF1AE-B086-42B7-9370-9689BFE07C8C} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Task: {16FF9589-D92B-426C-971F-9BEA77955982} - System32\Tasks\ArcadeParlor => C:\Users\Cowboys\AppData\Local\ArcadeParlor\versioncheck.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21F196EC-4144-4A31-9BAD-6F4E66606D39} - \Plus-HD-1.2-enabler No Task File
Task: {22334F0A-63A1-4BAE-BD86-9BCDC58C6005} - \Plus-HD-1.2-firefoxinstaller No Task File
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy
Task: {3AAE3550-A5ED-43E2-B2AF-1B9CD3791152} - System32\Tasks\SLOW-PCfighter64-Cowboys-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
Task: {4703B348-AC55-4E1F-B4B0-3F01BD511048} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {6EDA0F61-E314-465F-A6CF-9A6EA55C759B} - System32\Tasks\SLOW-PCfighter64-Cowboys-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe
Task: {759A28BF-A2CA-40E3-BC51-89A9BD3D901C} - \Re-markit Update No Task File
Task: {75F5CC90-C215-49BF-98CE-3496165AF183} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2441954850-2417779250-457443304-1001
Task: {76778291-5D70-44BE-96CA-5BA84F704A09} - \Plus-HD-1.2-chromeinstaller No Task File
Task: {8968082C-D19C-46EE-9C4C-C57E766E902A} - \AmiUpdXp No Task File
Task: {9605D98D-7EBB-41AF-8F23-257ADEEAB65B} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: {A3B52816-913E-462F-BD9F-92C1DCE94D51} - \Plus-HD-1.2-updater No Task File
Task: {A670C591-A313-4090-9F6C-4ABAA28FF304} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation
Task: {A9AB056F-C6E5-4518-89A1-9EFB737CA2CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-05] (Adobe Systems Incorporated)
Task: {ACE6B790-5748-4B59-A21C-15E677D844D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B7FF77DD-1EA1-41D3-93BF-8E6E4E69289D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {BD10D977-EB9E-4550-9709-1FC9EE1E94C6} - \Newzio 1.4-updater No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
Task: {F6EEB348-4FCE-484C-B5EE-7FDB5F66360C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Task: {FF0DFDAC-81D3-432B-BD54-C96969976730} - \Plus-HD-1.2-codedownloader No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\Cowboys\AppData\Local\ArcadeParlor\versioncheck.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Cowboys-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-22 21:40 - 2012-11-22 21:40 - 02010624 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
2012-11-22 21:40 - 2012-11-22 21:40 - 01241088 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
2012-11-22 21:40 - 2012-11-22 21:40 - 00201216 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll
2012-11-22 21:40 - 2012-11-22 21:40 - 00241152 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
2012-11-22 21:40 - 2012-11-22 21:40 - 00775680 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3090.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00056320 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM30E0.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00055296 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3111.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00068608 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3171.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM31B2.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3211.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3242.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00056832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3273.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00033792 _____ () C:\Users\Cowboys\AppData\Local\Temp\YTMP7MC8AA\TAA32A4.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM32C5.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3306.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3346.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00056320 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3387.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM33C7.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00075776 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM33F8.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00053760 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3439.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00064000 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3469.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00053760 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM349A.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00057344 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM34BC.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00072192 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM350C.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00072704 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM353D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00072192 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM358D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00072192 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM35CD.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM361D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM366E.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM36ED.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM375D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM37AD.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM37ED.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM384D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM38AD.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM38FD.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM395D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM399D.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM39FD.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3DD7.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3E28.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3E78.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3ED7.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3F28.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3F87.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM3FE7.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00120832 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM4037.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00086016 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM40C8.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00086016 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM40F9.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00086016 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM412A.tmp
2014-01-08 13:54 - 2014-01-08 13:54 - 00086016 _____ () C:\Users\Cowboys\AppData\Local\Temp\XTMP1MC3VE\DEM415A.tmp

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 04:08:12 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 754

Start Time: 01cf09a12361274f

Termination Time: 78

Application Path: C:\Windows\Explorer.EXE

Report Id: 383dd36f-765e-11e3-bea6-00266cad965b

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2014 03:09:20 PM) (Source: Perflib) (User: )
Description: Outlook

Error: (01/04/2014 03:09:20 PM) (Source: Perflib) (User: )
Description: Outlook8

Error: (01/03/2014 10:43:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: slsvc.exe, version: 6.2.9200.16384, time stamp: 0x50298688
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process ID: 0x95c
Faulting application start time: 0xslsvc.exe0
Faulting application path: slsvc.exe1
Faulting module path: slsvc.exe2
Report ID: slsvc.exe3
Faulting package full name: slsvc.exe4
Faulting package-relative application ID: slsvc.exe5

Error: (01/03/2014 10:43:27 PM) (Source: .NET Runtime) (User: )
Description: Application: slsvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at Activation.ThreadUtil.GetThreadStartAddress(UInt32)
at Activation.Program.Execute()
at Activation.Program.Main(System.String[])

Error: (01/03/2014 02:17:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.9200.16384, time stamp: 0x5010a60b
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051e8a
Faulting process ID: 0x6524
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report ID: MsiExec.exe3
Faulting package full name: MsiExec.exe4
Faulting package-relative application ID: MsiExec.exe5

Error: (01/02/2014 11:28:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: twinui.dll, version: 6.2.9200.16680, time stamp: 0x51fb45f3
Exception code: 0xc0000005
Fault offset: 0x0000000000100be2
Faulting process ID: 0x4324
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (12/30/2013 02:44:14 PM) (Source: MsiInstaller) (User: Richard)
Description: Product: ScorpionSaver Services -- Error 1920. Service 'AdpeakProxy' (AdpeakProxy) failed to start. Verify that you have sufficient privileges to start system services.

Error: (12/29/2013 06:58:42 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4d04

Start Time: 01cf050129786bed

Termination Time: 140

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: e54bd840-70f5-11e3-bea0-00266cad965b

Faulting package full name:

Faulting package-relative application ID:

Error: (12/29/2013 06:58:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537, time stamp: 0x512347f7
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000374
Fault offset: 0x000daa3c
Faulting process ID: 0x5cd4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (01/08/2014 01:52:32 PM) (Source: DCOM) (User: Richard)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/08/2014 01:36:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:49:31 PM on ‎1/‎7/‎2014 was unexpected.

Error: (01/07/2014 04:49:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:10:34 PM on ‎1/‎6/‎2014 was unexpected.

Error: (01/06/2014 08:10:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: microsoft.microsoftskydrive.

Error: (01/06/2014 08:09:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft.XboxLIVEGames.

Error: (01/06/2014 08:09:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft.Reader.

Error: (01/06/2014 08:09:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Microsoft.BingNews.

Error: (01/06/2014 07:30:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:04:35 PM on ‎1/‎6/‎2014 was unexpected.

Error: (01/04/2014 03:07:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:02:45 AM on ‎1/‎4/‎2014 was unexpected.

Error: (01/04/2014 03:15:23 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (01/05/2014 04:08:12 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.1662875401cf09a12361274f78C:\Windows\Explorer.EXE383dd36f-765e-11e3-bea6-00266cad965b

Error: (01/04/2014 03:09:20 PM) (Source: Perflib)(User: )
Description: Outlook

Error: (01/04/2014 03:09:20 PM) (Source: Perflib)(User: )
Description: Outlook8

Error: (01/03/2014 10:43:31 PM) (Source: Application Error)(User: )
Description: slsvc.exe6.2.9200.1638450298688KERNELBASE.dll6.2.9200.1645150988aa6e0434352000000000003811c95c01cf090fd940d118C:\Windows\slsvc.exeC:\Windows\system32\KERNELBASE.dll241b2c26-7503-11e3-bea3-b4749f712b1f

Error: (01/03/2014 10:43:27 PM) (Source: .NET Runtime)(User: )
Description: Application: slsvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at Activation.ThreadUtil.GetThreadStartAddress(UInt32)
at Activation.Program.Execute()
at Activation.Program.Main(System.String[])

Error: (01/03/2014 02:17:08 AM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.9200.163845010a60bntdll.dll6.2.9200.16578515fac6ec000000500051e8a652401cf08648dc5d0e1c:\Windows\syswow64\MsiExec.exeC:\Windows\SYSTEM32\ntdll.dlld19cadae-7457-11e3-bea0-00266cad965b

Error: (01/02/2014 11:28:34 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.1668051fb45f3c00000050000000000100be2432401cf084cf3ce195aC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll44d4f037-7440-11e3-bea0-00266cad965b

Error: (12/30/2013 02:44:14 PM) (Source: MsiInstaller)(User: Richard)
Description: Product: ScorpionSaver Services -- Error 1920. Service 'AdpeakProxy' (AdpeakProxy) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2013 06:58:42 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.165374d0401cf050129786bed140C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEe54bd840-70f5-11e3-bea0-00266cad965b

Error: (12/29/2013 06:58:22 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7ntdll.dll6.2.9200.16578515fac6ec0000374000daa3c5cd401cf0501b763ef8dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dlldc5182c3-70f5-11e3-bea0-00266cad965b

CodeIntegrity Errors:
===================================
Date: 2012-12-05 16:59:41.399
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

Date: 2012-12-05 16:57:09.542
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3894.85 MB
Available physical RAM: 2621.98 MB
Total Pagefile: 4598.85 MB
Available Pagefile: 3207.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.11 GB) (Free:416.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1464DAA7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================

#13
Essexboy

Posted 08 January 2014 - 03:23 PM

GeekU Moderator

Retired Staff
69,964 posts

OK on completion of this could you let me know what problems remain

Download the attached fixlist.txt to the same location as FRST
[attachment=68448:fixlist.txt]
Run FRST and press fix
On completion a log will open
Please post that

#14
x_LUIS_X

Posted 08 January 2014 - 10:05 PM

Member

Topic Starter
Member
153 posts

i dont know if i did it right but here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
Ran by Cowboys at 2014-01-08 21:00:18 Run:1
Running from C:\Users\Cowboys\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
FF Extension: ArcadeParlor - C:\Users\Cowboys\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha2079\ff
FF HKCU\...\Firefox\Extensions: [{b0b5a63d-7609-4029-823b-9a3acc4bd1ff}] - C:\Program Files (x86)\Re-markit\135.xpi
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2013-12-29 17:36 - 2013-12-29 17:36 - 00003140 _____ C:\Windows\System32\Tasks\ArcadeParlor
2013-12-29 17:36 - 2013-12-29 17:36 - 00000000 ____D C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
C:\$Recycle.Bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05
C:\$Recycle.Bin\S-1-5-21-2441954850-2417779250-457443304-1001\$6b2a20d155397d57cb619a8e14385e05
Task: {21F196EC-4144-4A31-9BAD-6F4E66606D39} - \Plus-HD-1.2-enabler No Task File
Task: {22334F0A-63A1-4BAE-BD86-9BCDC58C6005} - \Plus-HD-1.2-firefoxinstaller No Task File
Task: {759A28BF-A2CA-40E3-BC51-89A9BD3D901C} - \Re-markit Update No Task File
Task: {76778291-5D70-44BE-96CA-5BA84F704A09} - \Plus-HD-1.2-chromeinstaller No Task File
Task: {8968082C-D19C-46EE-9C4C-C57E766E902A} - \AmiUpdXp No Task File
Task: {9605D98D-7EBB-41AF-8F23-257ADEEAB65B} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
Task: {A3B52816-913E-462F-BD9F-92C1DCE94D51} - \Plus-HD-1.2-updater No Task File
Task: {A670C591-A313-4090-9F6C-4ABAA28FF304} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: {BD10D977-EB9E-4550-9709-1FC9EE1E94C6} - \Newzio 1.4-updater No Task File
Task: {FF0DFDAC-81D3-432B-BD54-C96969976730} - \Plus-HD-1.2-codedownloader No Task File
Task: C:\Windows\Tasks\ArcadeParlor.job => C:\Users\Cowboys\AppData\Local\ArcadeParlor\versioncheck.exe
Task: C:\Windows\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Task: C:\Windows\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe

*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\Users\Cowboys\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{b0b5a63d-7609-4029-823b-9a3acc4bd1ff} => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\System32\Tasks\ArcadeParlor => Moved successfully.

"C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor" directory move:

C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor\Play ArcadeParlor Online.url => Moved successfully.
C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor\Uninstall ArcadeParlor.lnk => Moved successfully.
Could not move "C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor" directory. => Scheduled to move on reboot.

C:\$Recycle.Bin\S-1-5-18\$6b2a20d155397d57cb619a8e14385e05 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2441954850-2417779250-457443304-1001\$6b2a20d155397d57cb619a8e14385e05 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21F196EC-4144-4A31-9BAD-6F4E66606D39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F196EC-4144-4A31-9BAD-6F4E66606D39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22334F0A-63A1-4BAE-BD86-9BCDC58C6005} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22334F0A-63A1-4BAE-BD86-9BCDC58C6005} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{759A28BF-A2CA-40E3-BC51-89A9BD3D901C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{759A28BF-A2CA-40E3-BC51-89A9BD3D901C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76778291-5D70-44BE-96CA-5BA84F704A09} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76778291-5D70-44BE-96CA-5BA84F704A09} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8968082C-D19C-46EE-9C4C-C57E766E902A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8968082C-D19C-46EE-9C4C-C57E766E902A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9605D98D-7EBB-41AF-8F23-257ADEEAB65B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9605D98D-7EBB-41AF-8F23-257ADEEAB65B} => Key deleted successfully.
C:\Windows\System32\Tasks\RPCReminder => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RPCReminder => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3B52816-913E-462F-BD9F-92C1DCE94D51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3B52816-913E-462F-BD9F-92C1DCE94D51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A670C591-A313-4090-9F6C-4ABAA28FF304} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A670C591-A313-4090-9F6C-4ABAA28FF304} => Key deleted successfully.
C:\Windows\System32\Tasks\RegPowerClean => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegPowerClean => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD10D977-EB9E-4550-9709-1FC9EE1E94C6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD10D977-EB9E-4550-9709-1FC9EE1E94C6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Newzio 1.4-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF0DFDAC-81D3-432B-BD54-C96969976730} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF0DFDAC-81D3-432B-BD54-C96969976730} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.2-codedownloader => Key deleted successfully.
C:\Windows\Tasks\ArcadeParlor.job => Moved successfully.
C:\Windows\Tasks\RegPowerClean.job => Moved successfully.
C:\Windows\Tasks\RPCReminder.job => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-08 21:01:58)<=

"C:\Users\Cowboys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor" => Directory could not move.

==== End of Fixlog ====