Possible Conflicting Protection? [Closed]


  • This topic is locked

#31
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

There should be a copy of FRST.exe on the desktop of the ill computer, but it may now complain about being outdated and prompt you to download a new copy.

 

To be on the safe side, download an updated 32-Bit copy of FRST from here: Farbar Recovery Scan Tool and save it to your USB stick.  On the infected computer, make sure all the files get copied to the Desktop.

 

Looking forward to resolving this one as best as we can. :)


  • 0


#32
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Here are the logs you requested, Dano. Thanks for the continued help.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by Joseph at 2015-07-11 01:24:00 Run:1
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba
C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232 2009-08-07] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CMD: netsh winsock reset catalog
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
"HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully.
C:\$Recycle.Bin\S-1-5-21-2013592473-1583479073-1329353095-1000\$afd7bede3b150b7dc33f9425a8f88dba => folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$afd7bede3b150b7dc33f9425a8f88dba => removed successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 01:24:06 ====
 
 
 
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by Joseph (administrator) on 11-07-2015 at 01:25:41
Running from "C:\Users\Joseph\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
 
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#33
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Did you restart the computer after the FRST fix?  

 

Did you try connecting to the Internet?

 

If not, please reboot and try connecting to the Internet.  How is the computer running?


  • 0

#34
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts
Let's try to fix up some broken services.


Now
Run Windows Repair (All In One) from a USB Flash Drive

On a "clean" computer with Internet access:

Please download Windows Repair All-In-One Portable by Tweaking.com to your flash drive.
  • Extract the downloaded zip file to your USB thumb drive by right-clicking on the file and selecting Extract...
  • Plug the USB drive/stick into the ill computer.
  • On the ill computer, open My Computer, and browse to your USB drive.  Find the folder where Windows Repair was extracted (Tweaking dot.com - Windows Repair), and double-click the Repair_Windows.exe file to run the program.
    • When the program opens, select the Step 5: Backup tab, then click the Backup button under "1. Registry Backup" and the Create button under "2. System Restore":
      WinAioBackup_zps8m7d3tjp.png
    • Now, select the Repairs tab, then click on the "Open Repairs" button:
      repairs_zpscvq674py.png
    • Agree to the Create a System Restore Point prompt if asked and wait for a bit for it to continue.  (Note that System Restore will not work in Safe Mode.)  Agree to any User Account Control prompts.

      NOTE: The below image is only an example.
      repair_selections2_zpsf8t0tzwz.png
    • Please select the following items:
      • 01 - Reset Registry Permissions
      • 02 - Reset File Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 07 - Repair Internet Explorer
      • 09 - Repair Hosts File
      • 10 - Remove Policies Set by Infections
      • 13 - Repair Winsock & DNS Cache
      • 14 - Remove Temp Files
      • 15 - Repair Proxy Settings
      • 16 - Unhide Non System Files
      • 21 - Repair MSI (Windows Installer)
      • 23 - Repair File Associations
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services to Default Startup
      • 32 - Restore UAC (User Account Control) Settings
      • 33 - Repair Performance Counters
    • Also put a check in the Restart/Shutdown System When Finished (lower right) box and in Restart System
    • Then click on the Start Repairs button if it doesn't do it automatically
    • If it asks you to back up your system click Yes and continue
  • After the program is finished, please open the /logs folder in the same folder as you ran the program from and copy/paste the contents of the Windows Repair log into your next reply.
  • The computer should reboot automatically.
Please also tell me how the computer is running and again check your Internet access.
  • 0

#35
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Here's the log you requested. :)

 

 

 

Tweaking.com - Windows Repair v3.0.0
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: JOSEPH-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Joseph
Current Profile SID: S-1-5-21-2013592473-1583479073-1329353095-1000
Current Profile Classes: S-1-5-21-2013592473-1583479073-1329353095-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Joseph\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:13:53
 
Process Count: 71
Commit Total: 1.60 GB
Commit Limit: 4.24 GB
Commit Peak: 1.69 GB
Handle Count: 17069
Kernel Total: 158.64 MB
Kernel Paged: 113.70 MB
Kernel Non Paged: 44.94 MB
System Cache: 832.57 MB
Thread Count: 749
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 1.46 GB(73.1368%)
Memory Avail.: 549.41 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.00 GB
Memory Used: 1.08 GB(53.8987%)
Memory Avail.: 942.87 MB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (7/12/2015 12:21:06 AM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 68
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (7/12/2015 12:21:09 AM)
 
   Running Repair Under Current User Account
   Done (7/12/2015 12:22:03 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (7/12/2015 12:22:03 AM)
 
   Running Repair Under System Account
   Done (7/12/2015 12:31:36 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (7/12/2015 12:31:36 AM)
 
   Running Repair Under System Account
   Done (7/12/2015 12:33:27 AM)
 
03 - Reset Service Permissions
   Start (7/12/2015 12:33:27 AM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:34:00 AM)
 
04 - Register System Files
   Start (7/12/2015 12:34:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:34:36 AM)
 
05 - Repair WMI
   Start (7/12/2015 12:34:36 AM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   avast! antivirus Exported.
 
   Exporting AntiSpyware Info...
   avast! antivirus Exported.
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (7/12/2015 12:41:16 AM)
 
06 - Repair Windows Firewall
   Start (7/12/2015 12:41:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:41:26 AM)
 
07 - Repair Internet Explorer
   Start (7/12/2015 12:41:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:41:57 AM)
 
09 - Repair Hosts File
   Start (7/12/2015 12:41:58 AM)
   Running Repair Under System Account
   Done (7/12/2015 12:41:59 AM)
 
10 - Remove Policies Set By Infections
   Start (7/12/2015 12:41:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:42:04 AM)
 
13 - Repair Winsock & DNS Cache
   Start (7/12/2015 12:42:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:42:22 AM)
 
14 - Remove Temp Files
   Start (7/12/2015 12:42:22 AM)
   Running Repair Under System Account
   Done (7/12/2015 12:42:25 AM)
 
15 - Repair Proxy Settings
   Start (7/12/2015 12:42:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:42:27 AM)
 
16 - Unhide Non System Files
   Start (7/12/2015 12:42:27 AM)
   C:\ - Total Files Unhidden: 375 - Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 28 - Check Unhidden_Files.txt for list of files unhidden
   Done (7/12/2015 12:42:54 AM)
 
21 - Repair MSI (Windows Installer)
   Start (7/12/2015 12:42:54 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:09 AM)
 
23.01 - Repair bat Association
   Start (7/12/2015 12:43:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:11 AM)
 
23.02 - Repair cmd Association
   Start (7/12/2015 12:43:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:14 AM)
 
23.03 - Repair com Association
   Start (7/12/2015 12:43:14 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:16 AM)
 
23.04 - Repair Directory Association
   Start (7/12/2015 12:43:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:18 AM)
 
23.05 - Repair Drive Association
   Start (7/12/2015 12:43:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:21 AM)
 
23.06 - Repair exe Association
   Start (7/12/2015 12:43:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:23 AM)
 
23.07 - Repair Folder Association
   Start (7/12/2015 12:43:23 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:25 AM)
 
23.08 - Repair inf Association
   Start (7/12/2015 12:43:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:27 AM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (7/12/2015 12:43:27 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:30 AM)
 
23.10 - Repair msc Association
   Start (7/12/2015 12:43:30 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:32 AM)
 
23.11 - Repair reg Association
   Start (7/12/2015 12:43:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:34 AM)
 
23.12 - Repair scr Association
   Start (7/12/2015 12:43:34 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:37 AM)
 
26 - Restore Important Windows Services
   Start (7/12/2015 12:43:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:49 AM)
 
27 - Set Windows Services To Default Startup
   Start (7/12/2015 12:43:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:43:59 AM)
 
32 - Restore UAC (User Account Control) Settings
   Start (7/12/2015 12:43:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/12/2015 12:44:01 AM)
 
33 - Repair Performance Counters
   Start (7/12/2015 12:44:01 AM)
   Running Repair Under Current User Account
   Done (7/12/2015 12:44:24 AM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (7/12/2015 12:44:25 AM)
   Total Repair Time: 00:23:21
 
 
...YOU MUST RESTART YOUR SYSTEM...

  • 0

#36
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Log looks good.  A couple of questions for you:

  1. How is the computer running?
  2. Can you access the Internet now?

Let's run FSS again to have a look at what the Windows Repair tool was able to do:

 

Run a scan with Farbar Service Scanner (FSS)

Please download Farbar Service Scanner, save it to the Desktop, and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the contents of the log to your reply.

 

 


  • 0

#37
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Note: You can run FSS from your USB stick or the Desktop of the ill computer if you still have a copy there.  Just be careful to post the contents of the new log here please, as there are already FSS logs that have been generated. :)


  • 0

#38
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Hi there Dano! Been messing around for about 5 mins, seems to be running fairly okay :) Whenever I start up the computer I do get a pop-up about an AVGUI error or something along those lines, along with several IOBIT program popups for updates and stuff of that nature, but that's all those programs and stuff I came here for originally before we found this other little nasty problem. I'm currently writing this on the "ill" computer; as I type there seems to be a slight lag every so often, like it's doing some processing that doesn't seem normal. The right click has quite a bit of lag to it as well, nothing unbearable but def not the norm.

 

 

Farbar Service Scanner Version: 17-01-2015
Ran by Joseph (administrator) on 12-07-2015 at 23:56:33
Running from "C:\Users\Joseph\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0
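
Added example, not part of the original thread and not code from the FSS author: a small Python parser that pulls the flagged lines out of two FSS logs and reports which findings the repair resolved. The BEFORE and AFTER samples are shortened excerpts of the logs in posts #32 and #38; the function names and the phrase list are this example's own assumptions about the log layout.

```python
import re

# A section header is a "Name:" line followed by a line made only of "=".
UNDERLINE = re.compile(r"^=+$")
# Phrases FSS uses when a check did not come back clean (assumed from the logs above).
FINDING = re.compile(
    r"ATTENTION|=====>|is not running|does not exist|returned error|no connection"
)
# A service whose registry key is gone entirely, as opposed to merely stopped.
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key")

# Shortened excerpt of the FSS log from post #32 (before Windows Repair).
BEFORE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
"""

# Shortened excerpt of the FSS log from post #38 (after Windows Repair).
AFTER = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================

Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
"""


def parse_fss(text):
    """Return {section name: [flagged lines]} for the text of an FSS.txt log."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, section = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.match(nxt):
            # New section; an empty list means the section came back clean.
            section = line[:-1]
            findings.setdefault(section, [])
        elif section is not None and FINDING.search(line):
            findings[section].append(line)
    return findings


def missing_service_keys(text):
    """Names of services whose registry key FSS could not open at all."""
    return set(MISSING_KEY.findall(text))


def compare(before_text, after_text):
    """Classify findings as resolved, remaining or new between two scans."""
    before = {(s, f) for s, fs in parse_fss(before_text).items() for f in fs}
    after = {(s, f) for s, fs in parse_fss(after_text).items() for f in fs}
    return {
        "resolved": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    print("Service keys missing before:", sorted(missing_service_keys(BEFORE)))
    for status in ("resolved", "remaining", "new"):
        print(f"\n{status.upper()} ({len(result[status])})")
        for section, finding in result[status]:
            print(f"  [{section}] {finding}")
```
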

#39
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello jvescov1,

 

More progress! :D  If you have questions or get stuck, let me know and stop where you are please.

 

Here we go...

 

First
Run a registry fix

 

Please download this file (wscsvc.reg) to the Desktop.

Right-click on the file, and select Merge.

Accept any UAC or administrator prompts and acknowledge the registry merge completion message.

If this fails, please stop and let me know the error you get.

Second
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Third
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

 

Fourth
Run FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(http://www.bleepingc...very-scan-tool/)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
    FRST_ScanAddl_zpssilwkotz.png
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • JRT
  • AdwCleaner
  • FRST.txt
  • Addition.txt

And tell me how the system is running. :)

 


  • 0

#40
Jvescov1

    Member

  • Topic Starter
  • 59 posts

Yay! Progress sounds amazing. Computer seems to be running good. Here are the new logs.

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by Joseph on Mon 07/13/2015 at 13:04:03.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] secureupdatesvc [Reboot required]
Successfully deleted: [Service] vToolbarUpdater18.5.0 [Reboot required]
Successfully deleted: [Service] yahooauservice [Reboot required]
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Joseph)
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\System32\tasks\EPUpdater
Successfully deleted: [Task] C:\Windows\System32\tasks\IHUninstallTrackingTASK
Successfully deleted: [Task] C:\Windows\System32\tasks\PC Optimizer Pro startups
Successfully deleted: [Task] C:\Windows\System32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\Windows\System32\tasks\Uninstaller_SkipUac_Joseph
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23F88292-FB5A-4907-9DCB-119FE1A39D3B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{675C3109-8FD5-4F4F-BA3E-0CB46B6DA0CA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Program Files\GUT95BA.tmp
Successfully deleted: [File] C:\Program Files\GUTC582.tmp
Successfully deleted: [File] C:\Users\Joseph\appdata\local\google\chrome\user data\default\local storage\chrome-extension_icdlfehblmklkikfigmjhbmmpmkmpooj_0.localstorage
Successfully deleted: [File] C:\Users\Joseph\desktop\atdhenettvapp.lnk
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Program Files\secure speed dial
Successfully deleted: [Folder] C:\Program Files\atdhenettvapp.com
Successfully deleted: [Folder] C:\Program Files\avg safeguard toolbar
Successfully deleted: [Folder] C:\Program Files\Common Files\spigot
Successfully deleted: [Folder] C:\Program Files\conduit
Successfully deleted: [Folder] C:\Program Files\dnsbasic
Successfully deleted: [Folder] C:\Program Files\infoatoms
Successfully deleted: [Folder] C:\Program Files\IObit\Driver Booster
Successfully deleted: [Folder] C:\Program Files\mypc backup
Successfully deleted: [Folder] C:\Program Files\out of the park developments
Successfully deleted: [Folder] C:\Program Files\red kawa
Successfully deleted: [Folder] C:\Program Files\winzip registry optimizer
Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\dnsbasic
Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\out of the park developments
Successfully deleted: [Folder] C:\ProgramData\out of the park developments
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\tarma installer
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\conduit
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\swvupdater
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\visi_coupon
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\conduit
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\delta
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\microsoft\windows\start menu\programs\atdhenettvapp.com
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\out of the park developments
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\productdata
 
 
 
~~~ FireFox
 
Failed to delete: [File] C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\user.js
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected] [Tracur]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\aol-search.xml
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\safeguard-secure-search.xml
Successfully deleted: [Folder] C:\Program Files\Mozilla Firefox\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\smartbar
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted the following from C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\prefs.js
 
user_pref(CT3291326.originalSearchEngineName, Yahoo);
user_pref(CT3291326.price-gong.isManagedApp, true);
user_pref(CT3291326.revertSettingsEnabled, false);
user_pref(CT3291326.search.searchAppId, 130075605275743079);
user_pref(CT3291326.search.searchCount, 0);
user_pref(CT3291326.searchFromAddressBarEnabledByUser, true);
user_pref(CT3291326.searchInNewTabEnabledByUser, true);
user_pref(CT3291326.searchInNewTabEnabledInHidden, true);
user_pref(CT3291326.searchRevert, false);
user_pref(CT3291326.searchSuggestEnabledByUser, true);
user_pref(CT3291326.searchUserMode, 2);
user_pref(CT3291326.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3291326\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://KeyBar113.OurToolbar.com//xpi\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\KeyBar 1.13\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3291326.serviceLayer_services_Configuration_lastUpdate, 1374624153660);
user_pref(CT3291326.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1374624161899);
user_pref(CT3291326.serviceLayer_services_appsMetadata_lastUpdate, 1374624161807);
user_pref(CT3291326.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1374624161761);
user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1374624152177);
user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1374624164575);
user_pref(CT3291326.serviceLayer_services_login_10.16.4.19_lastUpdate, 1374624162965);
user_pref(CT3291326.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1374624161722);
user_pref(CT3291326.serviceLayer_services_searchAPI_lastUpdate, 1374624153718);
user_pref(CT3291326.serviceLayer_services_serviceMap_lastUpdate, 1374624145522);
user_pref(CT3291326.serviceLayer_services_toolbarContextMenu_lastUpdate, 1374624161676);
user_pref(CT3291326.serviceLayer_services_toolbarSettings_lastUpdate, 1374624153535);
user_pref(CT3291326.serviceLayer_services_translation_lastUpdate, 1374624161886);
user_pref(CT3291326.settingsINI, true);
user_pref(CT3291326.shouldFirstTimeDialog, false);
user_pref(CT3291326.showToolbarPermission, false);
user_pref(CT3291326.smartbar.CTID, CT3291326);
user_pref(CT3291326.smartbar.Uninstall, 0);
user_pref(CT3291326.smartbar.homepage, true);
user_pref(CT3291326.smartbar.toolbarName, KeyBar 1.13 );
user_pref(CT3291326.startPage, true);
user_pref(CT3291326.toolbarBornServerTime, 24-7-2013);
user_pref(CT3291326.toolbarCurrentServerTime, 24-7-2013);
user_pref(CT3291326.toolbarLoginClientTime, Tue Jul 23 2013 17:02:42 GMT-0700 (Pacific Daylight Time));
user_pref(CT3291326.versionFromInstaller, 10.16.4.19);
user_pref(CT3291326.xpeMode, 3);
user_pref(CT3291326_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501596060,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(Smartbar.ConduitHomepagesList, hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN53133852618265168&UM=2&UP=SP77F3F47A-2BCD-48F1-873F
user_pref(Smartbar.ConduitSearchEngineList, KeyBar 1.13 Customized Web Search);
user_pref(Smartbar.ConduitSearchUrlList, hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3291326&ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);
user_pref(Smartbar.SearchFromAddressBarSavedUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(Smartbar.keywordURLSelectedCTID, CT3291326);
user_pref(aim_toolbar.search.searchtype, web);
user_pref(aim_toolbar.winamp.volume, );
user_pref(aol_toolbar.surf.date, 92);
user_pref(aol_toolbar.surf.lastDate, 26);
user_pref(aol_toolbar.surf.lastMonth, 3);
user_pref(aol_toolbar.surf.lastYear, 2013);
user_pref(aol_toolbar.surf.month, 4908);
user_pref(aol_toolbar.surf.prevMonth, 407);
user_pref(aol_toolbar.surf.total, 13137);
user_pref(aol_toolbar.surf.week, 784);
user_pref(aol_toolbar.surf.year, 5314);
user_pref(browser.newtab.url, hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=4E0C0019D1E594AB&tsp=5004);
user_pref(browser.startup.homepage, hxxp://mysearch.avg.com/?cid={B07D9E15-0CCE-4409-BDE5-174C9E77CA75}&mid=db26c891e11a47d3b6bed15097017d58-e7cb49739f079b51e65b1a425a1abfc
user_pref(extensions.bootstrappedAddons, {\[email protected]\:{\version\:\1.2\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\Joseph\\\\AppData\\\\Ro
user_pref(extensions.crossrider.bic, 13e4909e938b10fc54d00fc3db53bbb3);
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 4e0c29b00000000000000019d1e594ab);
user_pref(extensions.delta.instlDay, 15961);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.24.6);
user_pref(extensions.delta.vrsnTs, 1.8.24.611:30:51);
user_pref(extensions.delta.vrsni, 1.8.24.6);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, tsp=5004);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(extensions.dnsbasic.init, true);
user_pref(keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);
user_pref(smartbar.addressBarOwnerCTID, CT3291326);
user_pref(smartbar.conduitHomepageList, hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN40443446851106414&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287375&oct
user_pref(smartbar.conduitSearchAddressUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=,hxxp://search.condui
user_pref(smartbar.defaultSearchOwnerCTID, CT3291326);
user_pref(smartbar.homePageOwnerCTID, CT3291326);
user_pref(smartbar.machineId, XKUBU+QFAQIIYDNRB5Z52AJUMWCV5DQXYCKDR0IKEST7OIRAKK8Y59C1JZC9YCZMETF4CF6HD7BIDFUHGDH2YG);
user_pref(smartbar.originalHomepage, data:text/plain,browser.startup.homepage=hxxp://search.yahoo.com/firefox/?fr=yff80-sfp);
user_pref(smartbar.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(smartbar.originalSearchEngine, false);
Emptied folder: C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\minidumps [36 files]
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\background.js
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\ContentScript.js
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\manifest.json
 
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
 
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ndibdjnfmopecpmkdieinmbadjfpblof
 
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  hbcennhacfaagdopikcegfcobcadeocj,
  hhbgpoakplhahbklhkcfbpicgjcaoglk,
  icdlfehblmklkikfigmjhbmmpmkmpooj,
  mhkaekfpcppmmioggniknbnbdbcigpkk,
  ndibdjnfmopecpmkdieinmbadjfpblof,
  pfndaklgolladniicklehhancnlgocpp
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/13/2015 at 13:19:35.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 

 

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 13:27:26
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Joseph - JOSEPH-PC
# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : SecureUpdateSvc
Service Found : YahooAUService
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Found : C:\Program Files\Mozilla Firefox\nsprotector.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp
Folder Found : C:\OpenCandy
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Secure Speed Dial
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_0415tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
 
***** [ Scheduled tasks ] *****
 
Task Found : EPUpdater
Task Found : IHUninstallTrackingTASK
Task Found : PC Optimizer Pro Startups
Task Found : 0415tbUpdateInfo
Task Found : 1214tbUpdateInfo
Task Found : 0415tbUpdateInfo
Task Found : 1214tbUpdateInfo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45F267AE-311F-43E2-BDAA-00D059B93BF9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\vShare.tv
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\DnsBasic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh
Key Found : HKLM\SOFTWARE\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18999
 
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
[fb63icx9.default] - Line Found : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
[fb63icx9.default] - Line Found : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN40443446851106414&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default] - Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default] - Line Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN34716991527094572&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default] - Line Found : user_pref("CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3291326.embeddedsData", "[{\"appId\":\"130075605275743079\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default] - Line Found : user_pref("CT3291326.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN53133852618265168&SSPV=&Lay=1&UM=2\"}");
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=45b45b30-fd9f-11e0-ba8b-0019d1e594ab&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120326A2AC42449290F8166B64F47B&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18232546152612525&ctid=CT3291326&UM=2
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=4E0C0019D1E594AB&tsp=5004
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [15331 bytes] - [13/07/2015 13:27:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15391 bytes] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Joseph (administrator) on JOSEPH-PC on 13-07-2015 13:33:46
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{965A1934-2571-4C7F-90EF-B14DB928B21D}\43.0.2357.132_chrome_installer.exe
(Google Inc.) C:\Windows\temp\CR_3EA22.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default
FF DefaultSearchEngine: 
FF DefaultSearchUrl: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](302).net [2014-12-13]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](303).net [2014-12-13]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]
FF Extension: Vafmusic  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]
FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-12-16]
FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 13:33 - 2015-07-13 13:37 - 00023437 _____ C:\Users\Joseph\Desktop\FRST.txt
2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion
2015-07-13 13:26 - 2015-07-13 13:29 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe
2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt
2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe
2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy
2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup
2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt
2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe
2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe
2015-06-14 23:36 - 2015-06-14 23:36 - 00000695 _____ C:\Users\Joseph\Desktop\NTREGOPT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000676 _____ C:\Users\Joseph\Desktop\ERUNT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\Program Files\ERUNT
2015-06-14 23:35 - 2015-06-14 23:32 - 00791393 _____ (Lars Hederer ) C:\Users\Joseph\Desktop\erunt-setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 13:34 - 2015-06-07 15:01 - 00000000 ____D C:\FRST
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-13 13:10 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 13:10 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-13 13:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-13 13:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-13 13:01 - 2006-11-02 05:52 - 01565971 _____ C:\Windows\WindowsUpdate.log
2015-07-13 12:54 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
2015-07-13 12:47 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 12:47 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys
2015-07-13 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 00:11 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log
2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log
2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-06-14 23:36 - 2008-11-27 14:13 - 00000000 ____D C:\Windows\ERDNT
 
==================== Files in the root of some directories =======
 
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat
2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf
2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log
2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys
2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png
2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd
2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt
2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat
2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat
2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
 
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 12:53
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Joseph at 2015-07-13 13:39:20
Running from C:\Users\Joseph\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2013592473-1583479073-1329353095-500 - Administrator - Disabled)
Guest (S-1-5-21-2013592473-1583479073-1329353095-501 - Limited - Disabled)
Joseph (S-1-5-21-2013592473-1583479073-1329353095-1000 - Administrator - Enabled) => C:\Users\Joseph
UpdatusUser (S-1-5-21-2013592473-1583479073-1329353095-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2Wire Wireless Manager (HKLM\...\{3CE11B98-C61C-4692-9E0E-59934761C3BE}) (Version: 1.1.8.0 - 2Wire)
2WIREUSBWLANInstaller (HKLM\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
AccelerateTab (HKLM\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
ATT-HSI (HKLM\...\ATT-HSI) (Version:  - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
DiskAid 3.11 (HKLM\...\DiskAid_is1) (Version: 3.11 - DigiDNA)
DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version:  - )
Dream Aquarium (HKLM\...\Dream Aquarium_is1) (Version: 1.0700 - )
Dream Aquarium (HKLM\...\DreamAqua) (Version:  - )
Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)
DVD Audio Ripper 4 (HKLM\...\DVD Audio Ripper 4) (Version: 4.0.71.0314 - ImTOO)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDVidCodec (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
InfoAtoms (HKLM\...\InfoAtoms) (Version: 1.4.0.0 - InfoAtoms)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 4.6.0 (HKLM\...\{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Out of the Park Baseball 6 (HKLM\...\Out of the Park Baseball 6) (Version:  - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photoshop Cs4 Ultra 1.1 (HKLM\...\Photoshop Cs4 Ultra 1.1) (Version:  - )
Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)
Portal 2 (HKLM\...\Postal 2_is1) (Version:  - )
Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version:  - Dancool999)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)
Side 9 Screensaver (HKLM\...\Side 9 Screensaver) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TruePoker (High Res) (HKLM\...\TruePoker (High Res)) (Version:  - )
TruePoker (HKLM\...\TruePoker) (Version:  - )
TVersity Codec Pack 1.2 (HKLM\...\TVersity Codec Pack) (Version: 1.2 - TVersity Inc.)
Videora iPod Converter 4.04 (HKLM\...\Videora iPod Converter) (Version: 4.04 - Red Kawa)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WinAVI Video Converter (HKLM\...\WinAVI Video Converter 10.0_is1) (Version:  - ZJ Computing,Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.5 (HKLM\...\winscp3_is1) (Version: 4.2.5 - Martin Prikryl)
WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden
Xobni (HKLM\...\XobniMain) (Version:  - Xobni Corp.)
Xobni Core (Version: 1.0.0 - Xobni, Inc.) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
YouTube Downloader App 1.03 (HKLM\...\YouTube Downloader App) (Version: 1.03 - Regensoft)
YouTubeGet 5.2.3 (HKLM\...\YouTubeGet_is1) (Version:  - YouTubeGet Developer Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B0-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B1-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll (Yahoo! Inc.)
 
==================== Restore Points =========================
 
09-06-2015 01:05:43 Windows Update
10-06-2015 00:48:08 Scheduled Checkpoint
10-06-2015 02:31:08 Windows Update
10-06-2015 21:03:39 avast! Free Antivirus Setup
10-06-2015 21:23:39 avast! Free Antivirus Setup
11-06-2015 02:31:36 Windows Update
11-06-2015 20:47:19 Scheduled Checkpoint
12-06-2015 01:00:46 Windows Update
13-06-2015 00:00:06 Scheduled Checkpoint
13-06-2015 01:01:10 Windows Update
14-06-2015 00:14:07 Scheduled Checkpoint
14-06-2015 01:01:27 Windows Update
10-07-2015 00:42:34 Windows Update
11-07-2015 01:33:09 Windows Update
12-07-2015 00:16:42 Tweaking.com - Windows Repair
12-07-2015 00:56:59 Windows Update
13-07-2015 12:49:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-11-16 19:09 - 2015-07-12 00:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {33E1ABFC-4A6C-41DC-8332-0B3E70A3EFCE} - System32\Tasks\{F149BD0B-3DD3-4EDB-B4A5-3ECB3FF1DE20} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4413C5A7-8FC0-4C94-B452-AFFA060CEBCB} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe [2015-05-12] ()
Task: {4B2C630E-74E9-4C07-B649-AEBA7C0AF13A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {652595CA-2796-45B2-97C5-1C9C127C24AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {9ED3C95C-BCB8-4C7D-8D3C-482F26049DD8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BC8433A0-0791-4ECD-9445-A2666E0D8780} - System32\Tasks\ASC8_SkipUac_Joseph => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)
Task: {C0D0C629-F3A1-4606-B022-1EBCD5859A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C314673B-BB0D-4B7A-BE41-C3B3BB8B5B30} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C4B9A509-CC34-4FAA-AFD3-7125C97F596C} - System32\Tasks\{606519EC-1B91-4A4A-891F-A3BED96803D3} => pcalua.exe -a "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" -c /u:PokerStars.net
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {D21B6FE0-D20C-49BE-A33D-57AE4FB0AF1F} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe [2009-08-03] ()
Task: {DC75239F-AA37-4F74-9B3E-926E43D59010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-13] (Adobe Systems Incorporated)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E148B685-8D01-4E3C-977A-818753DBF65B} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2006-12-05] (Microsoft Corporation)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {E9B271DD-ED82-4CAF-A49A-61734B52F895} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe [2014-12-15] ()
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {F432B34D-4D54-4C74-BB3D-0659F374FAFD} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2006-12-05] (Microsoft Corporation)
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-11-20 15:13 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-15 01:43 - 2010-04-29 11:30 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57436731.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57436731.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\motive.com -> hxxps://patttbc.att.motive.com
 
There are 6352 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-2013592473-1583479073-1329353095-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\eedf631b-4376-4fc5-9057-1c6c8142bceb.exe /check
MSCONFIG\startupreg: 2Wire Wireless Manager => "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
MSCONFIG\startupreg: AllShareAgent => 
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: avast! => C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ISW.exe => "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0x1460, application start time 0xavgui.exe0.
 
Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xbec, application start time 0xavgui.exe0.
 
Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xbc0, application start time 0xavgui.exe0.
 
Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
System errors:
=============
Error: (07/13/2015 01:22:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (07/13/2015 01:12:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Modules Installer%%1056
 
Error: (07/13/2015 01:11:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Media Player Network Sharing Service%%1056
 
Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service
 
Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NVIDIA Update Service Daemon1
 
Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant1100001Restart the service
 
Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Yahoo! Updater1
 
Error: (07/13/2015 01:10:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service
 
Error: (07/13/2015 01:10:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XobniService1
 
Error: (07/13/2015 01:10:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: vToolbarUpdater18.5.01
 
 
Microsoft Office:
=========================
Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eed146001d0bda6ec038367
 
Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbec01d0bda4b3867677
 
Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbc001d0bd383bd3bba7
 
Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
 
Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-13 13:36:09.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:08.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:08.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:08.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:08.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:07.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:07.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 13:36:07.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:43.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-07 15:03:43.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 2045.21 MB
Available physical RAM: 775.31 MB
Total Virtual: 4339.39 MB
Available Virtual: 2344.28 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:204.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 



#41
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, let's keep the ball rolling here... :)
 
First
Programs uninstall
Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

  • AccelerateTab
  • Ad-Aware (if it isn't a paid version)
  • Advanced SystemCare 8 (IObit reputation)
  • AVG SafeGuard toolbar
  • Bonjour (application errors)
  • HDVidCodec
  • IObit Malware Fighter 3 (IObit reputation)
  • IObit Uninstaller (IObit reputation)
  • Pando Media Booster
  • Smart Defrag 4 (IObit reputation)
  • Surfing Protection (IObit reputation)
  • TVersity Codec Pack 1.2
  • vShare.tv plugin 1.3

Second
Run AdwCleaner

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Third
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • AdwCleaner log
  • FRST fixlog.txt

And tell me how the system is running. :)



#42
Jvescov1

    Member

  • Topic Starter
  • Member
  • 59 posts

So when I try to uninstall accelerated tab it says "an error occurred while trying to uninstall accelerated tab it may have already been uninstalled." "would you like to remove it from the programs and features list?" Same thing with AVG toolbar. Also, the HDVidCodec and vShare.tv plugin apps are nowhere to be found.

 

FRST ran and restarted the computer, but nothing happened upon restart, no log or anything. There's one on my computer, but I'm pretty sure it's the one from the last time we ran, as the date at the top is 7/13/15. I will post it anyway just in case, as it's the only FRST text file on my desktop.

 

# AdwCleaner v4.208 - Logfile created 14/07/2015 at 21:43:08
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Joseph - JOSEPH-PC
# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\OpenCandy
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0415tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\Program Files\Secure Speed Dial
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected]
Folder Deleted : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg
File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj
File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj
File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk
File Deleted : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : 0415tbUpdateInfo
Task Deleted : 1214tbUpdateInfo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23F88292-FB5A-4907-9DCB-119FE1A39D3B}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\DnsBasic
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45F267AE-311F-43E2-BDAA-00D059B93BF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18999
 
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN40443446851106414&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN34716991527094572&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.embeddedsData", "[{\"appId\":\"130075605275743079\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default\prefs.js] - Line Deleted : user_pref("CT3291326.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN53133852618265168&SSPV=&Lay=1&UM=2\"}");
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=45b45b30-fd9f-11e0-ba8b-0019d1e594ab&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120326A2AC42449290F8166B64F47B&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18232546152612525&ctid=CT3291326&UM=2
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=4E0C0019D1E594AB&tsp=5004
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [15471 bytes] - [13/07/2015 13:27:26]
AdwCleaner[R1].txt - [15574 bytes] - [14/07/2015 21:40:32]
AdwCleaner[S0].txt - [15733 bytes] - [14/07/2015 21:43:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15793  bytes] ##########
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Joseph (administrator) on JOSEPH-PC on 13-07-2015 13:33:46
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{965A1934-2571-4C7F-90EF-B14DB928B21D}\43.0.2357.132_chrome_installer.exe
(Google Inc.) C:\Windows\temp\CR_3EA22.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> {A8EF7510-0694-4821-81CB-4F8249E441AE} URL = http://search.yahoo....ms}&fr=chr-atty
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default
FF DefaultSearchEngine: 
FF DefaultSearchUrl: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](302).net [2014-12-13]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected](303).net [2014-12-13]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2015-03-01]
FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2011-08-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]
FF Extension: Vafmusic  - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]
FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2012-12-16]
FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\[email protected] [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2013-08-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX™)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 13:33 - 2015-07-13 13:37 - 00023437 _____ C:\Users\Joseph\Desktop\FRST.txt
2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion
2015-07-13 13:26 - 2015-07-13 13:29 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe
2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt
2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe
2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy
2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista-™-Home-Premium-(32-bit).dat
2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup
2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt
2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe
2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe
2015-06-14 23:36 - 2015-06-14 23:36 - 00000695 _____ C:\Users\Joseph\Desktop\NTREGOPT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000676 _____ C:\Users\Joseph\Desktop\ERUNT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\Program Files\ERUNT
2015-06-14 23:35 - 2015-06-14 23:32 - 00791393 _____ (Lars Hederer ) C:\Users\Joseph\Desktop\erunt-setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 13:34 - 2015-06-07 15:01 - 00000000 ____D C:\FRST
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-13 13:10 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 13:10 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-13 13:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-13 13:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-13 13:01 - 2006-11-02 05:52 - 01565971 _____ C:\Windows\WindowsUpdate.log
2015-07-13 12:54 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
2015-07-13 12:47 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 12:47 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys
2015-07-13 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 00:11 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log
2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log
2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-06-14 23:36 - 2008-11-27 14:13 - 00000000 ____D C:\Windows\ERDNT
 
==================== Files in the root of some directories =======
 
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat
2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf
2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log
2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys
2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png
2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd
2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt
2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat
2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat
2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
 
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 12:53
 
==================== End of log ============================

Edited by Jvescov1, 14 July 2015 - 11:03 PM.

  • 0

#43
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, don't worry about the program uninstall messages.
 
You are correct on the date in the FRST log.  It is from a scan, not our fix.  Is there any chance you downloaded FRST.exe and the fixlist.txt file to your Downloads folder?
 
Run FRST.exe from your Desktop, and in the Search: box, type fixlog.txt and click the Search Files button.
 
Wait several seconds and it will tell you it's done and open a text file (search.txt) on your Desktop. Post the contents of this text file in your reply please.

 

If you do find the fixlog.txt file from July 14th (yesterday), please post the contents of that as well. :)


  • 0

#44
Jvescov1

Jvescov1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

Think I figured it out, ran a new one. How does this look?

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Joseph at 2015-07-15 22:33:30 Run:3
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] ()
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
SearchScopes: HKU\.DEFAULT -> {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} URL = http://www.dnsbasic....s={searchTerms}
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Handler: javascript - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S2 adfs; No ImagePath
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************

  • 0

#45
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

That's only half of the log... where's the rest?  What's there only shows my fix from the fixlist.txt file I made for you, not the result of the fix. :headscratch:

 


  • 0





