yay! progress sounds amazing. computer seems to be running good. here are the new logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows Vista Home Premium x86
Ran by Joseph on Mon 07/13/2015 at 13:04:03.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] secureupdatesvc [Reboot required]
Successfully deleted: [Service] vToolbarUpdater18.5.0 [Reboot required]
Successfully deleted: [Service] yahooauservice [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Joseph)
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\System32\tasks\EPUpdater
Successfully deleted: [Task] C:\Windows\System32\tasks\IHUninstallTrackingTASK
Successfully deleted: [Task] C:\Windows\System32\tasks\PC Optimizer Pro startups
Successfully deleted: [Task] C:\Windows\System32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\Windows\System32\tasks\Uninstaller_SkipUac_Joseph
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2013592473-1583479073-1329353095-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23F88292-FB5A-4907-9DCB-119FE1A39D3B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{675C3109-8FD5-4F4F-BA3E-0CB46B6DA0CA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311431162}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8}
~~~ Files
Successfully deleted: [File] C:\Program Files\GUT95BA.tmp
Successfully deleted: [File] C:\Program Files\GUTC582.tmp
Successfully deleted: [File] C:\Users\Joseph\appdata\local\google\chrome\user data\default\local storage\chrome-extension_icdlfehblmklkikfigmjhbmmpmkmpooj_0.localstorage
Successfully deleted: [File] C:\Users\Joseph\desktop\atdhenettvapp.lnk
~~~ Folders
Failed to delete: [Folder] C:\Program Files\secure speed dial
Successfully deleted: [Folder] C:\Program Files\atdhenettvapp.com
Successfully deleted: [Folder] C:\Program Files\avg safeguard toolbar
Successfully deleted: [Folder] C:\Program Files\Common Files\spigot
Successfully deleted: [Folder] C:\Program Files\conduit
Successfully deleted: [Folder] C:\Program Files\dnsbasic
Successfully deleted: [Folder] C:\Program Files\infoatoms
Successfully deleted: [Folder] C:\Program Files\IObit\Driver Booster
Successfully deleted: [Folder] C:\Program Files\mypc backup
Successfully deleted: [Folder] C:\Program Files\out of the park developments
Successfully deleted: [Folder] C:\Program Files\red kawa
Successfully deleted: [Folder] C:\Program Files\winzip registry optimizer
Successfully deleted: [Folder] C:\ProgramData\avg safeguard toolbar
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\dnsbasic
Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\out of the park developments
Successfully deleted: [Folder] C:\ProgramData\out of the park developments
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\tarma installer
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\conduit
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\swvupdater
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\visi_coupon
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\avg safeguard toolbar
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\conduit
Successfully deleted: [Folder] C:\Users\Joseph\appdata\locallow\delta
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\microsoft\windows\start menu\programs\atdhenettvapp.com
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\out of the park developments
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\productdata
~~~ FireFox
Failed to delete: [File] C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\user.js
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\
[email protected] [Tracur]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\
[email protected]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\
[email protected]
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\aol-search.xml
Successfully deleted: [File] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\searchplugins\safeguard-secure-search.xml
Successfully deleted: [Folder] C:\Program Files\Mozilla Firefox\extensions\
[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\smartbar
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\
[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\
[email protected]
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
Successfully deleted: [Folder] C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\
[email protected]
Successfully deleted the following from C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\prefs.js
user_pref(CT3287375.1000082.isPlayDisplay, true);
user_pref(CT3287375.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.
user_pref(CT3287375.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3287375.FF19Solved, true);
user_pref(CT3287375.FirstTime, true);
user_pref(CT3287375.FirstTimeFF3, true);
user_pref(CT3287375.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3NDYyNDIxMA==);
user_pref(CT3287375.PG_ENABLE, dHJ1ZQ==);
user_pref(CT3287375.PG_ENABLE.enc, dHJ1ZQ==);
user_pref(CT3287375.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT3287375.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT3287375.SF_USER_ID.enc, Y2lkXzIzNzIwMTMxNzMxNzUyMzMxNDI=);
user_pref(CT3287375.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(CT3287375.UserID, UN40443446851106414);
user_pref(CT3287375.YTbyClickFavorites.enc, W10=);
user_pref(CT3287375.YTbyClickRecent.enc, JTVCJTdCJTIyaWQlMjIlM0ElMjJTQWQzSjZjdnl2RSUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyRHlydXMlMjBEb2luZyUyMFB1c2h1cHMlMjBmb3IlMjAlMjQ1JTIyJTJDJTI
user_pref(CT3287375.acp_personal.appstate.enc, ZW5hYmxl);
user_pref(CT3287375.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3287375.autoDisableScopes, -1);
user_pref(CT3287375.browser.search.defaultthis.engineName, true);
user_pref(CT3287375.cb_experience_000.enc, Nw==);
user_pref(CT3287375.cb_firstuse0100.enc, MQ==);
user_pref(CT3287375.cb_user_id_000.enc, Q0IyMDcwNDQxMzk1MzlfMTM2NzA0MTcxMTMyN19GaXJlZm94);
user_pref(CT3287375.cbfirsttime.enc, RnJpIEFwciAyNiAyMDEzIDIyOjQ4OjMxIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp);
user_pref(CT3287375.defaultSearch, true);
user_pref(CT3287375.embeddedsData, [{\appId\:\10000002\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\getSearchTerm
user_pref(CT3287375.enableAlerts, true);
user_pref(CT3287375.enableFix404ByUser, TRUE);
user_pref(CT3287375.enableSearchFromAddressBar, true);
user_pref(CT3287375.firstTimeDialogOpened, true);
user_pref(CT3287375.fixPageNotFoundError, true);
user_pref(CT3287375.fixPageNotFoundErrorByUser, true);
user_pref(CT3287375.fixPageNotFoundErrorInHidden, true);
user_pref(CT3287375.fixUrls, true);
user_pref(CT3287375.fullUserID, UN40443446851106414.UP.20130811132039);
user_pref(CT3287375.homepageuserchanged, true);
user_pref(CT3287375.installDate, 26/4/2013 18:02:58);
user_pref(CT3287375.installId, stub.exe);
user_pref(CT3287375.installSessionId, {1D20C1FD-5541-4CE3-B854-3B5CD8608AD2});
user_pref(CT3287375.installSp, TRUE);
user_pref(CT3287375.installType, conduitnsisintegration);
user_pref(CT3287375.installUsage, 2013-04-27T04:59:31.0165041+03:00);
user_pref(CT3287375.installUsageEarly, 2013-04-27T04:59:24.7609442+03:00);
user_pref(CT3287375.installerVersion, 1.4.1.3);
user_pref(CT3287375.isCheckedStartAsHidden, true);
user_pref(CT3287375.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3287375.isFirstTimeToolbarLoading, false);
user_pref(CT3287375.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3287375.keyword, true);
user_pref(CT3287375.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN4044344685110641
user_pref(CT3287375.lastVersion, 10.16.70.505);
user_pref(CT3287375.mam_gk_appStateReportTime.enc, MTM4MDUwMTYzNjUwNw==);
user_pref(CT3287375.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3287375.mam_gk_appState_PiclickV2.enc, b24=);
user_pref(CT3287375.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3287375.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV
user_pref(CT3287375.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT3287375.mam_gk_calledSetupService.enc, MQ==);
user_pref(CT3287375.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJkY2E5NjlkMi1kNGEzLTRhODMtYj
user_pref(CT3287375.mam_gk_currentBadgeValue.enc, MA==);
user_pref(CT3287375.mam_gk_currentVersion.enc, MS4xMC40LjA=);
user_pref(CT3287375.mam_gk_eventsCache.enc, eyI4YWI5ZWRmZC05NzZmLTQzNWMtYmQ0Ni1mNmJiMDdmYjg0MWEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv
user_pref(CT3287375.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT3287375.mam_gk_first_time.enc, MQ==);
user_pref(CT3287375.mam_gk_gadgetOpen.enc, MA==);
user_pref(CT3287375.mam_gk_lastLoginTime.enc, MTM4MDUwMTY0OTQwMA==);
user_pref(CT3287375.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref(CT3287375.mam_gk_mamEnabled.enc, dHJ1ZQ==);
user_pref(CT3287375.mam_gk_newApps.enc, W10=);
user_pref(CT3287375.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3287375.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT3287375.mam_gk_settings1.5.0.3.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref(CT3287375.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3287375.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3287375.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT3287375.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT3287375.mam_gk_userId.enc, OTQ2YTljYWEtM2Y0MC00MDBlLTg4NGQtZTkwMzlkNmM5MGY0);
user_pref(CT3287375.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT3287375.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT3287375.migrateAppsAndComponents, true);
user_pref(CT3287375.navigationAliasesJson, {\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_SEARCH_TERM\:\\,\EB_
user_pref(CT3287375.openThankYouPage, false);
user_pref(CT3287375.openUninstallPage, true);
user_pref(CT3287375.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(CT3287375.price-gong.isManagedApp, true);
user_pref(CT3287375.revertSettingsEnabled, false);
user_pref(CT3287375.search.searchAppId, 10000002);
user_pref(CT3287375.search.searchCount, 0);
user_pref(CT3287375.searchFromAddressBarEnabledByUser, true);
user_pref(CT3287375.searchInNewTabEnabledByUser, true);
user_pref(CT3287375.searchInNewTabEnabledInHidden, true);
user_pref(CT3287375.searchRevert, false);
user_pref(CT3287375.searchSuggestEnabledByUser, true);
user_pref(CT3287375.searchUserMode, 2);
user_pref(CT3287375.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3287375.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3287375.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3287375\});
user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://Vafmusic.OurToolbar.com//xpi\});
user_pref(CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\Vafmusic\});
user_pref(CT3287375.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1367027971523);
user_pref(CT3287375.serviceLayer_services_appsMetadata_lastUpdate, 1367040620523);
user_pref(CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1367027971099);
user_pref(CT3287375.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1367027968659);
user_pref(CT3287375.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1367027975265);
user_pref(CT3287375.serviceLayer_services_location_lastUpdate, 1367115767529);
user_pref(CT3287375.serviceLayer_services_login_10.15.2.23_lastUpdate, 1367115766437);
user_pref(CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1367027971481);
user_pref(CT3287375.serviceLayer_services_searchAPI_lastUpdate, 1367115766224);
user_pref(CT3287375.serviceLayer_services_serviceMap_lastUpdate, 1367115764653);
user_pref(CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate, 1367027971055);
user_pref(CT3287375.serviceLayer_services_toolbarSettings_lastUpdate, 1367115765697);
user_pref(CT3287375.serviceLayer_services_translation_lastUpdate, 1367115764808);
user_pref(CT3287375.settingsINI, true);
user_pref(CT3287375.shouldFirstTimeDialog, false);
user_pref(CT3287375.showToolbarPermission, false);
user_pref(CT3287375.smartbar.CTID, CT3287375);
user_pref(CT3287375.smartbar.Uninstall, 0);
user_pref(CT3287375.smartbar.homepage, true);
user_pref(CT3287375.smartbar.toolbarName, Vafmusic );
user_pref(CT3287375.startPage, true);
user_pref(CT3287375.toolbarBornServerTime, 27-4-2013);
user_pref(CT3287375.toolbarCurrentServerTime, 28-4-2013);
user_pref(CT3287375.toolbarLoginClientTime, Fri Apr 26 2013 18:59:31 GMT-0700 (Pacific Daylight Time));
user_pref(CT3287375.url_history0001.enc, aHR0cDovL2Rvd25sb2FkLmNuZXQuY29tL3dpbmRvd3MvOjo6Y2xpY2toYW5kbGVyOjo6MTM2NzA0MTcxMjEwMiwsLGh0dHBzOi8vd3d3Lmdvb2dsZS5jb206OjpjbGlja2h
user_pref(CT3287375.versionFromInstaller, 10.15.2.23);
user_pref(CT3287375_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501595142,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(CT3289847.1000082.isPlayDisplay, true);
user_pref(CT3289847.1000082.state, {\state\:\stopped\,\text\:\1.FM (Cou...\,\description\:\1.FM (Country)\,\url\:\hxxp://1.fm/wm/energycountry32k.asx\});
user_pref(CT3289847.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289847.FF19Solved, true);
user_pref(CT3289847.FirstTime, true);
user_pref(CT3289847.FirstTimeFF3, true);
user_pref(CT3289847.LAST_CLIENT_STATS_SUBMIT_2.enc, MTM3NDYyNDIyNA==);
user_pref(CT3289847.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc, MTM3NDYyNDI1NA==);
user_pref(CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MQ==);
user_pref(CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc, MTM3NDYyNDI1NA==);
user_pref(CT3289847.PG_ENABLE, dHJ1ZQ==);
user_pref(CT3289847.PG_ENABLE.enc, dHJ1ZQ==);
user_pref(CT3289847.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT3289847.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT3289847.SF_USER_ID.enc, Y2lkXzIzNzIwMTMxNzMyMjk2NTM5ODc=);
user_pref(CT3289847.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN34716991527094572&UM=2&q=);
user_pref(CT3289847.UserID, UN34716991527094572);
user_pref(CT3289847.acp_personal.appstate.enc, ZW5hYmxl);
user_pref(CT3289847.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3289847.browser.search.defaultthis.engineName, true);
user_pref(CT3289847.cbfirsttime.enc, VHVlIEp1bCAyMyAyMDEzIDE3OjAzOjQ0IEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp);
user_pref(CT3289847.defaultSearch, true);
user_pref(CT3289847.embeddedsData, [{\appId\:\130068661007799818\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT3289847.enableAlerts, true);
user_pref(CT3289847.enableFix404ByUser, TRUE);
user_pref(CT3289847.enableSearchFromAddressBar, true);
user_pref(CT3289847.firstTimeDialogOpened, true);
user_pref(CT3289847.fixPageNotFoundError, true);
user_pref(CT3289847.fixPageNotFoundErrorByUser, true);
user_pref(CT3289847.fixPageNotFoundErrorInHidden, true);
user_pref(CT3289847.fixUrls, true);
user_pref(CT3289847.fullUserID, UN34716991527094572.UP.20130818160054);
user_pref(CT3289847.homepageuserchanged, true);
user_pref(CT3289847.hxxp___api18_similarsites_com.pid2.enc, ZWQ4MTJkMzJkMTUyNjliNw==);
user_pref(CT3289847.hxxp___api28_starwebnet_com.pid2.enc, Mzg5NDZkM2MtODBkOC0zNjI1LTUxMWMtMGYwN2YyZmM3NzFk);
user_pref(CT3289847.hxxp___api29_starwebnet_com.pid2.enc, ODk5YjU0NjktN2E2Yy1jYzc0LTk1MTAtZWRhNWUzYWE1ZDY5);
user_pref(CT3289847.hxxp___api30_starwebnet_com.pid2.enc, Y2JjOTRkMTUtYjNlOC1lZTZhLWY2N2YtNmZkM2M3MDhmMDA4);
user_pref(CT3289847.hxxp___api32_starwebnet_com.pid2.enc, YWIyYjg0ZTYtOGIwYy02ZmVlLTNhNjMtMjgxODhhNzYwNzA2);
user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc, cmVzaXphYmxlPXllcywgc2Nyb2xsYmFycz15ZXMsIGhzY3JvbGw9bm8gLHZzY3JvbGw9bm8sIHRpdGxlYmFyPXllcywgY
user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc, eyJndWkiOltdLCJhY3Rpb25zIjpbXX0=);
user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc, eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx
user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc, ZjYxZTIzYmMtNzUwMC0zZTExLWU0ZDAtMGFiODNlYjkzZjVi);
user_pref(CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc, MjAxMjA4MDItMDAw);
user_pref(CT3289847.installDate, 26/4/2013 18:04:03);
user_pref(CT3289847.installId, 9818);
user_pref(CT3289847.installSessionId, -1);
user_pref(CT3289847.installSp, TRUE);
user_pref(CT3289847.installType, conduitnsisintegration);
user_pref(CT3289847.installerVersion, 1.4.1.3);
user_pref(CT3289847.isCheckedStartAsHidden, true);
user_pref(CT3289847.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289847.isFirstTimeToolbarLoading, false);
user_pref(CT3289847.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3289847.keyword, true);
user_pref(CT3289847.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN3471699152709457
user_pref(CT3289847.lastVersion, 10.16.9.506);
user_pref(CT3289847.mam_gk_appStateReportTime.enc, MTM4MDUwMTY1NTc2Ng==);
user_pref(CT3289847.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3289847.mam_gk_appState_Easytobook.enc, b24=);
user_pref(CT3289847.mam_gk_appState_Easytobook_targeted.enc, b24=);
user_pref(CT3289847.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3289847.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV
user_pref(CT3289847.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT3289847.mam_gk_calledSetupService.enc, MQ==);
user_pref(CT3289847.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkpvYnNNaW5lciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImNkN2U4ZDI3LWJlNDEtNDcxYi1iMDViLTZjZWUyNm
user_pref(CT3289847.mam_gk_currentVersion.enc, MS4xMC40LjA=);
user_pref(CT3289847.mam_gk_eventsCache.enc, eyJkMjg3Nzg4OC1lZWUxLTQ2MDEtOTA3NC03MDdiYmNiMjhiOWEiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlv
user_pref(CT3289847.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT3289847.mam_gk_first_time.enc, MQ==);
user_pref(CT3289847.mam_gk_gadgetOpen.enc, MA==);
user_pref(CT3289847.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT3289847.mam_gk_lastLoginTime.enc, MTM3NjI1MjQ4MTA5OQ==);
user_pref(CT3289847.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref(CT3289847.mam_gk_mamEnabled.enc, dHJ1ZQ==);
user_pref(CT3289847.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3289847.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTYzXzEiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI
user_pref(CT3289847.mam_gk_settings1.4.4.6.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYwXzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVu
user_pref(CT3289847.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5j
user_pref(CT3289847.mam_gk_settings1.8.0.999.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIj
user_pref(CT3289847.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3289847.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT3289847.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT3289847.mam_gk_userId.enc, NDcwOGI3NGItZjAyMS00OTMxLWIwN2EtY2U2NTkzYWVhMmFh);
user_pref(CT3289847.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT3289847.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT3289847.migrateAppsAndComponents, true);
user_pref(CT3289847.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_
user_pref(CT3289847.openThankYouPage, false);
user_pref(CT3289847.openUninstallPage, true);
user_pref(CT3289847.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(CT3289847.price-gong.isManagedApp, true);
user_pref(CT3289847.revertSettingsEnabled, true);
user_pref(CT3289847.search.searchAppId, 130068661007799818);
user_pref(CT3289847.search.searchCount, 0);
user_pref(CT3289847.searchFromAddressBarEnabledByUser, true);
user_pref(CT3289847.searchInNewTabEnabledByUser, true);
user_pref(CT3289847.searchInNewTabEnabledInHidden, true);
user_pref(CT3289847.searchRevert, true);
user_pref(CT3289847.searchSuggestEnabledByUser, true);
user_pref(CT3289847.searchUserMode, 2);
user_pref(CT3289847.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289847.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3289847.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3289847\});
user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://WhiteSmokeNew.OurToolbar.com//xpi\});
user_pref(CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\WhiteSmoke New\});
user_pref(CT3289847.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1367024990417);
user_pref(CT3289847.serviceLayer_services_appsMetadata_lastUpdate, 1367024989655);
user_pref(CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1367024989748);
user_pref(CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1367444761338);
user_pref(CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1367444761339);
user_pref(CT3289847.serviceLayer_services_location_lastUpdate, 1367024987072);
user_pref(CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate, 1367115761289);
user_pref(CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1367024989791);
user_pref(CT3289847.serviceLayer_services_searchAPI_lastUpdate, 1367024987079);
user_pref(CT3289847.serviceLayer_services_serviceMap_lastUpdate, 1367115759725);
user_pref(CT3289847.serviceLayer_services_setupAPI_lastUpdate, 1367024990448);
user_pref(CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate, 1367024989711);
user_pref(CT3289847.serviceLayer_services_toolbarSettings_lastUpdate, 1367115761270);
user_pref(CT3289847.serviceLayer_services_translation_lastUpdate, 1367115761095);
user_pref(CT3289847.settingsINI, true);
user_pref(CT3289847.shouldFirstTimeDialog, false);
user_pref(CT3289847.showToolbarPermission, false);
user_pref(CT3289847.smartbar.CTID, CT3289847);
user_pref(CT3289847.smartbar.Uninstall, 0);
user_pref(CT3289847.smartbar.homepage, true);
user_pref(CT3289847.smartbar.toolbarName, WhiteSmoke New );
user_pref(CT3289847.startPage, true);
user_pref(CT3289847.toolbarBornServerTime, 27-4-2013);
user_pref(CT3289847.toolbarCurrentServerTime, 28-4-2013);
user_pref(CT3289847.toolbarLoginClientTime, Tue Apr 30 2013 19:56:48 GMT-0700 (Pacific Daylight Time));
user_pref(CT3289847.url_history0001.enc, aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjcwMjU1NDIwMDE=);
user_pref(CT3289847.versionFromInstaller, 10.14.380.14);
user_pref(CT3289847_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501593902,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(CT3291326.1000082.isPlayDisplay, true);
user_pref(CT3291326.1000082.state, {\state\:\stopped\,\text\:\Californi...\,\description\:\California Rock - Rock\,\url\:\hxxp://www.feedlive.net/california.
user_pref(CT3291326.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.FF19Solved, true);
user_pref(CT3291326.FirstTime, true);
user_pref(CT3291326.FirstTimeFF3, true);
user_pref(CT3291326.PG_ENABLE, dHJ1ZQ==);
user_pref(CT3291326.SearchFromAddressBarUrl, hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3291326&ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);
user_pref(CT3291326.UserID, UN53133852618265168);
user_pref(CT3291326.addressBarTakeOverEnabledInHidden, true);
user_pref(CT3291326.autoDisableScopes, 15);
user_pref(CT3291326.browser.search.defaultthis.engineName, true);
user_pref(CT3291326.countryCode, US);
user_pref(CT3291326.defaultSearch, true);
user_pref(CT3291326.embeddedsData, [{\appId\:\130075605275743079\,\apiPermissions\:{\crossDomainAjax\:true,\getMainFrameTitle\:true,\getMainFrameUrl\:true,\get
user_pref(CT3291326.enableAlerts, true);
user_pref(CT3291326.enableFix404ByUser, TRUE);
user_pref(CT3291326.enableSearchFromAddressBar, true);
user_pref(CT3291326.enlargeSearchBox, {\enabled\:true,\maxWidth\:1000,\minWidth\:250,\width\:500});
user_pref(CT3291326.firstTimeDialogOpened, true);
user_pref(CT3291326.fixPageNotFoundError, true);
user_pref(CT3291326.fixPageNotFoundErrorByUser, true);
user_pref(CT3291326.fixPageNotFoundErrorInHidden, true);
user_pref(CT3291326.fixUrls, true);
user_pref(CT3291326.fullUserID, UN53133852618265168.IN.20130713102155);
user_pref(CT3291326.installDate, 13/07/2013 10:21:53);
user_pref(CT3291326.installId, stub.exe);
user_pref(CT3291326.installSessionId, {10EAE2A8-CA68-4CC9-9AAF-8F7D2D25BC86});
user_pref(CT3291326.installSp, TRUE);
user_pref(CT3291326.installType, conduitnsisintegration);
user_pref(CT3291326.installUsage, 2013-07-24T03:02:42.5666644+03:00);
user_pref(CT3291326.installUsageEarly, 2013-07-24T03:02:28.3875+03:00);
user_pref(CT3291326.installerVersion, 1.5.4.4);
user_pref(CT3291326.isCheckedStartAsHidden, true);
user_pref(CT3291326.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.isFirstTimeToolbarLoading, false);
user_pref(CT3291326.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT3291326.keyword, true);
user_pref(CT3291326.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN5313385261826516
user_pref(CT3291326.lastVersion, 10.16.70.505);
user_pref(CT3291326.mam_gk_appStateReportTime.enc, MTM4MDUwMTY0OTczNQ==);
user_pref(CT3291326.mam_gk_appState_ACplus.enc, b24=);
user_pref(CT3291326.mam_gk_appState_CouponBuddy.enc, b24=);
user_pref(CT3291326.mam_gk_appState_Discover.enc, b24=);
user_pref(CT3291326.mam_gk_appState_Easytobook.enc, b24=);
user_pref(CT3291326.mam_gk_appState_Easytobook_targeted.enc, b24=);
user_pref(CT3291326.mam_gk_appState_Find-a-Pro.enc, b24=);
user_pref(CT3291326.mam_gk_appState_PiclickV2-WebSearch.enc, b24=);
user_pref(CT3291326.mam_gk_appState_PriceGong.enc, b24=);
user_pref(CT3291326.mam_gk_appState_WindowShopper.enc, b24=);
user_pref(CT3291326.mam_gk_appsData.enc, eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV
user_pref(CT3291326.mam_gk_appsDefaultEnabled.enc, bnVsbA==);
user_pref(CT3291326.mam_gk_calledSetupService.enc, MQ==);
user_pref(CT3291326.mam_gk_configuration.enc, eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJiYTk1YzRhNS1kY2VjLTRkYTUtYT
user_pref(CT3291326.mam_gk_currentVersion.enc, MS4xMC40LjA=);
user_pref(CT3291326.mam_gk_existingUsersRecoveryDone.enc, MQ==);
user_pref(CT3291326.mam_gk_first_time.enc, MQ==);
user_pref(CT3291326.mam_gk_installer_preapproved.enc, ZmFsc2U=);
user_pref(CT3291326.mam_gk_lastLoginTime.enc, MTM4MDUwMTY1MzMwOQ==);
user_pref(CT3291326.mam_gk_localization.enc, eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref(CT3291326.mam_gk_mamEnabled.enc, dHJ1ZQ==);
user_pref(CT3291326.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT3291326.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT3291326.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT3291326.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT3291326.mam_gk_userId.enc, MDFhMTA5NjktMjQ2NS00NmVkLTgyMzAtMzlhMDcxYmI1MGNh);
user_pref(CT3291326.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT3291326.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT3291326.migrateAppsAndComponents, true);
user_pref(CT3291326.navigationAliasesJson, {\EB_MAIN_FRAME_URL\:\about%3Anewaddon%3Fid%3Dffxtlbr%40delta.com\,\EB_MAIN_FRAME_TITLE\:\\,\EB_SEARCH_TERM\:\\,\EB_
user_pref(CT3291326.openThankYouPage, false);
user_pref(CT3291326.openUninstallPage, true);
user_pref(CT3291326.originalHomepage, hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff);
user_pref(CT3291326.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(CT3291326.originalSearchEngine, Yahoo);
user_pref(CT3291326.originalSearchEngineName, Yahoo);
user_pref(CT3291326.price-gong.isManagedApp, true);
user_pref(CT3291326.revertSettingsEnabled, false);
user_pref(CT3291326.search.searchAppId, 130075605275743079);
user_pref(CT3291326.search.searchCount, 0);
user_pref(CT3291326.searchFromAddressBarEnabledByUser, true);
user_pref(CT3291326.searchInNewTabEnabledByUser, true);
user_pref(CT3291326.searchInNewTabEnabledInHidden, true);
user_pref(CT3291326.searchRevert, false);
user_pref(CT3291326.searchSuggestEnabledByUser, true);
user_pref(CT3291326.searchUserMode, 2);
user_pref(CT3291326.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT3291326\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://KeyBar113.OurToolbar.com//xpi\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\KeyBar 1.13\});
user_pref(CT3291326.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT3291326.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT3291326.serviceLayer_services_Configuration_lastUpdate, 1374624153660);
user_pref(CT3291326.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1374624161899);
user_pref(CT3291326.serviceLayer_services_appsMetadata_lastUpdate, 1374624161807);
user_pref(CT3291326.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1374624161761);
user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate, 1374624152177);
user_pref(CT3291326.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate, 1374624164575);
user_pref(CT3291326.serviceLayer_services_login_10.16.4.19_lastUpdate, 1374624162965);
user_pref(CT3291326.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1374624161722);
user_pref(CT3291326.serviceLayer_services_searchAPI_lastUpdate, 1374624153718);
user_pref(CT3291326.serviceLayer_services_serviceMap_lastUpdate, 1374624145522);
user_pref(CT3291326.serviceLayer_services_toolbarContextMenu_lastUpdate, 1374624161676);
user_pref(CT3291326.serviceLayer_services_toolbarSettings_lastUpdate, 1374624153535);
user_pref(CT3291326.serviceLayer_services_translation_lastUpdate, 1374624161886);
user_pref(CT3291326.settingsINI, true);
user_pref(CT3291326.shouldFirstTimeDialog, false);
user_pref(CT3291326.showToolbarPermission, false);
user_pref(CT3291326.smartbar.CTID, CT3291326);
user_pref(CT3291326.smartbar.Uninstall, 0);
user_pref(CT3291326.smartbar.homepage, true);
user_pref(CT3291326.smartbar.toolbarName, KeyBar 1.13 );
user_pref(CT3291326.startPage, true);
user_pref(CT3291326.toolbarBornServerTime, 24-7-2013);
user_pref(CT3291326.toolbarCurrentServerTime, 24-7-2013);
user_pref(CT3291326.toolbarLoginClientTime, Tue Jul 23 2013 17:02:42 GMT-0700 (Pacific Daylight Time));
user_pref(CT3291326.versionFromInstaller, 10.16.4.19);
user_pref(CT3291326.xpeMode, 3);
user_pref(CT3291326_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1380501596060,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(Smartbar.ConduitHomepagesList, hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=61&CUI=UN53133852618265168&UM=2&UP=SP77F3F47A-2BCD-48F1-873F
user_pref(Smartbar.ConduitSearchEngineList, KeyBar 1.13 Customized Web Search);
user_pref(Smartbar.ConduitSearchUrlList, hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3291326&ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);
user_pref(Smartbar.SearchFromAddressBarSavedUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(Smartbar.keywordURLSelectedCTID, CT3291326);
user_pref(aim_toolbar.search.searchtype, web);
user_pref(aim_toolbar.winamp.volume, );
user_pref(aol_toolbar.surf.date, 92);
user_pref(aol_toolbar.surf.lastDate, 26);
user_pref(aol_toolbar.surf.lastMonth, 3);
user_pref(aol_toolbar.surf.lastYear, 2013);
user_pref(aol_toolbar.surf.month, 4908);
user_pref(aol_toolbar.surf.prevMonth, 407);
user_pref(aol_toolbar.surf.total, 13137);
user_pref(aol_toolbar.surf.week, 784);
user_pref(aol_toolbar.surf.year, 5314);
user_pref(browser.newtab.url, hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=4E0C0019D1E594AB&tsp=5004);
user_pref(browser.startup.homepage, hxxp://mysearch.avg.com/?cid={B07D9E15-0CCE-4409-BDE5-174C9E77CA75}&mid=db26c891e11a47d3b6bed15097017d58-e7cb49739f079b51e65b1a425a1abfc
user_pref(extensions.bootstrappedAddons, {\
[email protected]\:{\version\:\1.2\,\type\:\extension\,\descriptor\:\C:\\\\Users\\\\Joseph\\\\AppData\\\\Ro
user_pref(extensions.crossrider.bic, 13e4909e938b10fc54d00fc3db53bbb3);
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 4e0c29b00000000000000019d1e594ab);
user_pref(extensions.delta.instlDay, 15961);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.24.6);
user_pref(extensions.delta.vrsnTs, 1.8.24.611:30:51);
user_pref(extensions.delta.vrsni, 1.8.24.6);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, tsp=5004);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(extensions.dnsbasic.init, true);
user_pref(keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&SearchSource=2&CUI=UN53133852618265168&UM=2&q=);
user_pref(smartbar.addressBarOwnerCTID, CT3291326);
user_pref(smartbar.conduitHomepageList, hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN40443446851106414&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287375&oct
user_pref(smartbar.conduitSearchAddressUrlList, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=,hxxp://search.condui
user_pref(smartbar.defaultSearchOwnerCTID, CT3291326);
user_pref(smartbar.homePageOwnerCTID, CT3291326);
user_pref(smartbar.machineId, XKUBU+QFAQIIYDNRB5Z52AJUMWCV5DQXYCKDR0IKEST7OIRAKK8Y59C1JZC9YCZMETF4CF6HD7BIDFUHGDH2YG);
user_pref(smartbar.originalHomepage, data:text/plain,browser.startup.homepage=hxxp://search.yahoo.com/firefox/?fr=yff80-sfp);
user_pref(smartbar.originalSearchAddressUrl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN40443446851106414&UM=2&q=);
user_pref(smartbar.originalSearchEngine, false);
Emptied folder: C:\Users\Joseph\AppData\Roaming\mozilla\firefox\profiles\fb63icx9.default\minidumps [36 files]
~~~ Chrome
Dumping contents of C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\background.js
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\ContentScript.js
C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default\aadjdhdedgdggfgdgggbgcdgdegbdedj\manifest.json
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Successfully deleted: [Folder] C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Joseph\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
hbcennhacfaagdopikcegfcobcadeocj,
hhbgpoakplhahbklhkcfbpicgjcaoglk,
icdlfehblmklkikfigmjhbmmpmkmpooj,
mhkaekfpcppmmioggniknbnbdbcigpkk,
ndibdjnfmopecpmkdieinmbadjfpblof,
pfndaklgolladniicklehhancnlgocpp
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/13/2015 at 13:19:35.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.208 - Logfile created 13/07/2015 at 13:27:26
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows Vista Home Premium Service Pack 2 (x86)
# Username : Joseph - JOSEPH-PC
# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : SecureUpdateSvc
Service Found : YahooAUService
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
File Found : C:\Program Files\Mozilla Firefox\nsprotector.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\glmfgahfleepmdfffonfckpmkondpdkg
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk
File Found : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp
Folder Found : C:\OpenCandy
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Secure Speed Dial
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_0415tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected]
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected]
Folder Found : C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected]
***** [ Scheduled tasks ] *****
Task Found : EPUpdater
Task Found : IHUninstallTrackingTASK
Task Found : PC Optimizer Pro Startups
Task Found : 0415tbUpdateInfo
Task Found : 1214tbUpdateInfo
Task Found : 0415tbUpdateInfo
Task Found : 1214tbUpdateInfo
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{45F267AE-311F-43E2-BDAA-00D059B93BF9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare.tv plugin
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\vShare.tv
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\DnsBasic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh
Key Found : HKLM\SOFTWARE\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.18999
-\\ Mozilla Firefox v17.0.1 (en-US)
[fb63icx9.default] - Line Found : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
[fb63icx9.default] - Line Found : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN40443446851106414&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default] - Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default] - Line Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN34716991527094572&SSPV=&Lay=1&UM=2\"}");
[fb63icx9.default] - Line Found : user_pref("CT3291326.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[fb63icx9.default] - Line Found : user_pref("CT3291326.embeddedsData", "[{\"appId\":\"130075605275743079\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[fb63icx9.default] - Line Found : user_pref("CT3291326.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291326&octid=CT3291326&SearchSource=15&CUI=UN53133852618265168&SSPV=&Lay=1&UM=2\"}");
-\\ Google Chrome v43.0.2357.81
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=45b45b30-fd9f-11e0-ba8b-0019d1e594ab&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120326A2AC42449290F8166B64F47B&q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18232546152612525&ctid=CT3291326&UM=2
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_btis2&mntrId=4E0C0019D1E594AB&tsp=5004
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
*************************
AdwCleaner[R0].txt - [15331 bytes] - [13/07/2015 13:27:26]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15391 bytes] ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Joseph (administrator) on JOSEPH-PC on 13-07-2015 13:33:46
Running from C:\Users\Joseph\Desktop
Loaded Profiles: Joseph & UpdatusUser (Available Profiles: Joseph & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Microsoft Corporation) C:\Windows\ehome\ehprivjob.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{965A1934-2571-4C7F-90EF-B14DB928B21D}\43.0.2357.132_chrome_installer.exe
(Google Inc.) C:\Windows\temp\CR_3EA22.tmp\setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-06] (IObit)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [884440 2015-05-07] (BlueStack Systems, Inc.)
HKLM\...\Run: [ATT-SST_UninstallTracking] => C:\Users\Joseph\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2012-04-08]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL =
SearchScopes: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> DefaultScope {23F88292-FB5A-4907-9DCB-119FE1A39D3B} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Handler: javascript - No CLSID Value -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1EC9B7C7-513F-4A2E-BD42-DE5436ECB5A0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3575C3DB-3FA7-4849-9D56-A5312E116450}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A5122F23-263E-41D6-AE4D-B8F05908A3F9}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{A886D423-9985-4C89-8B8E-36CFA507FF34}: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.1.1
Tcpip\..\Interfaces\{AC21EB7D-6797-4330-BE20-60C29D908B1C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F675D672-38E3-4E91-9C28-9C4DE0805C99}: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default
FF DefaultSearchEngine:
FF DefaultSearchUrl:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-27] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @talk.google.com/O3DPlugin -> C:\Users\Joseph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @tools.google.com/Google Update;version=8 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: @yahoo.com/BrowserPlus,version=2.7.1 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll [2010-04-19] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2013592473-1583479073-1329353095-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-26] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-04] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Joseph\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-04] ()
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\aim-search.xml [2009-06-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\keybar-113-customized-web-search.xml [2013-09-29]
FF SearchPlugin: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\searchplugins\live-search.xml [2009-02-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-03-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\searchme.xml [2009-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\searchads@instair(302).net [2014-12-13]
FF Extension: AD Block - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected] [2015-03-01]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\speeddial@instair(303).net [2014-12-13]
FF Extension: AccelerateTab - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected] [2015-03-01]
FF Extension: Platinum Hide IP - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected] [2011-08-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-08]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-18]
FF Extension: Yahoo! Toolbar - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(127) [2009-09-09]
FF Extension: Vafmusic - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} [2013-08-11]
FF Extension: Address Bar Search - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: FreeHDSport.TV - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected] [2012-12-16]
FF Extension: Personas Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\
[email protected] [2013-04-04]
FF Extension: Adblock Plus - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-26]
FF Extension: The Browser Highlighter - C:\Program Files\Mozilla Firefox\extensions\
[email protected] [2013-08-11]
FF Extension: searchme - C:\Program Files\Mozilla Firefox\extensions\
[email protected] [2013-08-11]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\
[email protected] [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\
[email protected] [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\
[email protected] [not found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [not found]
FF Extension: No Name - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\fb63icx9.default\extensions\
[email protected] [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\InfoAtoms.cfg [2013-08-11] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]
CHR HKLM\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
CHR HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Joseph\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-10] (Lavasoft)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [433880 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [806616 2015-05-07] (BlueStack Systems, Inc.)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-02-13] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 XobniService; C:\Program Files\Xobni\XobniService.exe [44776 2009-07-14] (Xobni Corporation)
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [X]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131288 2015-05-07] (BlueStack Systems)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-04] (REALiX)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-07-28] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32160 2007-10-01] (PCTEL Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2013-05-07] () [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1963680 2006-12-05] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 13:33 - 2015-07-13 13:37 - 00023437 _____ C:\Users\Joseph\Desktop\FRST.txt
2015-07-13 13:33 - 2015-07-13 13:33 - 00000000 ____D C:\Users\Joseph\Desktop\FRST-OlderVersion
2015-07-13 13:26 - 2015-07-13 13:29 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:22 - 2015-07-13 13:22 - 02248704 _____ C:\Users\Joseph\Desktop\AdwCleaner.exe
2015-07-13 13:19 - 2015-07-13 13:19 - 00050056 _____ C:\Users\Joseph\Desktop\JRT.txt
2015-07-13 12:57 - 2015-07-13 12:57 - 03034266 _____ (Malwarebytes Corporation) C:\Users\Joseph\Desktop\JRT.exe
2015-07-13 12:51 - 2015-07-13 12:51 - 00005256 _____ C:\Users\Joseph\Desktop\wscsvc.reg
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\ProgramData\BlueStacksCopy
2015-07-13 00:10 - 2015-07-13 00:10 - 00000000 ____D C:\Program Files\BlueStacksCopy
2015-07-12 00:16 - 2015-07-12 00:16 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOSEPH-PC-Windows-Vista--Home-Premium-(32-bit).dat
2015-07-12 00:16 - 2015-07-12 00:16 - 00000000 ____D C:\RegBackup
2015-07-11 01:25 - 2015-07-12 23:56 - 00002515 _____ C:\Users\Joseph\Desktop\FSS.txt
2015-07-11 01:22 - 2015-07-13 13:33 - 01636864 _____ (Farbar) C:\Users\Joseph\Desktop\FRST.exe
2015-07-10 00:35 - 2015-07-07 23:12 - 00415232 _____ (Farbar) C:\Users\Joseph\Desktop\FSS.exe
2015-06-14 23:36 - 2015-06-14 23:36 - 00000695 _____ C:\Users\Joseph\Desktop\NTREGOPT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000676 _____ C:\Users\Joseph\Desktop\ERUNT.lnk
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-06-14 23:36 - 2015-06-14 23:36 - 00000000 ____D C:\Program Files\ERUNT
2015-06-14 23:35 - 2015-06-14 23:32 - 00791393 _____ (Lars Hederer ) C:\Users\Joseph\Desktop\erunt-setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 13:34 - 2015-06-07 15:01 - 00000000 ____D C:\FRST
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:30 - 2006-11-02 05:47 - 00003664 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:25 - 2013-04-26 23:50 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 13:15 - 2015-03-01 22:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\IObit
2015-07-13 13:15 - 2013-10-24 08:49 - 00000000 ____D C:\Program Files\Secure Speed Dial
2015-07-13 13:15 - 2013-04-26 22:53 - 00000000 ____D C:\ProgramData\IObit
2015-07-13 13:11 - 2009-10-02 20:44 - 00000000 ____D C:\Program Files\IObit
2015-07-13 13:10 - 2012-12-29 01:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 13:10 - 2006-11-02 05:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-13 13:09 - 2012-12-29 01:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-13 13:09 - 2011-08-08 13:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-13 13:01 - 2006-11-02 05:52 - 01565971 _____ C:\Windows\WindowsUpdate.log
2015-07-13 12:54 - 2011-12-16 03:11 - 00000394 ____H C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job
2015-07-13 12:47 - 2015-05-17 02:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 12:47 - 2014-02-19 20:35 - 00001865 ___SH C:\Windows\system32\mmf.sys
2015-07-13 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 00:11 - 2006-11-02 06:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 02:08 - 2015-06-10 02:43 - 00012858 _____ C:\Windows\IE9_main.log
2015-07-12 01:02 - 2006-11-02 05:47 - 06062472 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-12 00:53 - 2006-11-02 03:33 - 00749424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 00:52 - 2015-06-09 12:07 - 00003572 _____ C:\Windows\setupact.log
2015-07-12 00:31 - 2008-11-15 19:32 - 01774944 _____ C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 00:32 - 2015-06-04 23:27 - 00001924 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-06-14 23:36 - 2008-11-27 14:13 - 00000000 ____D C:\Windows\ERDNT
==================== Files in the root of some directories =======
2013-04-26 23:07 - 2013-04-26 23:07 - 0087608 _____ () C:\Users\Joseph\AppData\Roaming\inst.exe
2008-12-12 17:27 - 2013-04-26 23:07 - 0007887 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.cat
2008-12-12 17:27 - 2013-04-26 23:07 - 0001144 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.inf
2013-04-26 23:07 - 2013-04-26 23:07 - 0000033 _____ () C:\Users\Joseph\AppData\Roaming\pcouffin.log
2008-12-12 17:27 - 2013-04-26 23:07 - 0047360 _____ (VSO Software) C:\Users\Joseph\AppData\Roaming\pcouffin.sys
2008-11-15 19:38 - 2009-08-05 17:59 - 0023580 _____ () C:\Users\Joseph\AppData\Roaming\UserTile.png
2009-05-23 12:08 - 2010-01-09 12:46 - 0000600 _____ () C:\Users\Joseph\AppData\Roaming\winscp.rnd
2010-11-10 14:38 - 2010-11-10 14:38 - 0000000 _____ () C:\Users\Joseph\AppData\Local\AutobahnAcceleratorInstall.txt
2010-02-21 09:46 - 2010-02-21 09:46 - 0000552 _____ () C:\Users\Joseph\AppData\Local\d3d8caps.dat
2008-11-15 19:31 - 2015-06-10 21:26 - 0002032 _____ () C:\Users\Joseph\AppData\Local\d3d9caps.dat
2008-12-12 15:06 - 2015-06-05 14:39 - 0159744 _____ () C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-26 23:20 - 2013-04-26 23:20 - 0000000 _____ () C:\ProgramData\222620313f3a54382a_c
2013-04-25 22:41 - 2013-04-25 22:41 - 0000000 _____ () C:\ProgramData\LQ20O6T.dat
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe.b
2013-04-25 22:40 - 2013-04-25 22:40 - 0000001 _____ () C:\ProgramData\Ov8S1e7I.exe_.b
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\temp\HD-RunAppTemp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 12:53
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Joseph at 2015-07-13 13:39:20
Running from C:\Users\Joseph\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2013592473-1583479073-1329353095-500 - Administrator - Disabled)
Guest (S-1-5-21-2013592473-1583479073-1329353095-501 - Limited - Disabled)
Joseph (S-1-5-21-2013592473-1583479073-1329353095-1000 - Administrator - Enabled) => C:\Users\Joseph
UpdatusUser (S-1-5-21-2013592473-1583479073-1329353095-1006 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2Wire Wireless Manager (HKLM\...\{3CE11B98-C61C-4692-9E0E-59934761C3BE}) (Version: 1.1.8.0 - 2Wire)
2WIREUSBWLANInstaller (HKLM\...\{2EAEB0A6-582A-490B-B075-D837677365C2}) (Version: 1.00.7327 - 2WIRE, Inc.)
AccelerateTab (HKLM\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
ATT-HSI (HKLM\...\ATT-HSI) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
BetOnline Client (remove only) (HKLM\...\BetOnLine Client) (Version: 1.0 - BetOnlineDevelopment)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{79809712-A577-4B8C-A9FC-51945690C7DC}) (Version: 0.9.25.5401 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version: - )
Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
DiskAid 3.11 (HKLM\...\DiskAid_is1) (Version: 3.11 - DigiDNA)
DnsBasic 1.0 build 111 (HKLM\...\DnsBasic) (Version: - )
Dream Aquarium (HKLM\...\Dream Aquarium_is1) (Version: 1.0700 - )
Dream Aquarium (HKLM\...\DreamAqua) (Version: - )
Driver Booster 2.3 (HKLM\...\Driver Booster_is1) (Version: 2.3 - IObit)
DVD Audio Ripper 4 (HKLM\...\DVD Audio Ripper 4) (Version: 4.0.71.0314 - ImTOO)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDVidCodec (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
InfoAtoms (HKLM\...\InfoAtoms) (Version: 1.4.0.0 - InfoAtoms)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iTunes (HKLM\...\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}) (Version: 10.2.2.14 - Apple Inc.)
Java 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{06C32EA0-4A22-4919-979A-8700715865B8}) (Version: 1.30.175.0 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 4.6.0 (HKLM\...\{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
Mplayer 0.6.9 (HKLM\...\Mplayer) (Version: 0.6.9 - )
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9728 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Out of the Park Baseball 6 (HKLM\...\Out of the Park Baseball 6) (Version: - )
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photoshop Cs4 Ultra 1.1 (HKLM\...\Photoshop Cs4 Ultra 1.1) (Version: - )
Pixillion Image Converter (HKLM\...\Pixillion) (Version: - NCH Software)
Portal 2 (HKLM\...\Postal 2_is1) (Version: - )
Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version: - Dancool999)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 2.00.0000 - NETGEAR)
Side 9 Screensaver (HKLM\...\Side 9 Screensaver) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TruePoker (High Res) (HKLM\...\TruePoker (High Res)) (Version: - )
TruePoker (HKLM\...\TruePoker) (Version: - )
TVersity Codec Pack 1.2 (HKLM\...\TVersity Codec Pack) (Version: 1.2 - TVersity Inc.)
Videora iPod Converter 4.04 (HKLM\...\Videora iPod Converter) (Version: 4.04 - Red Kawa)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
WinAVI Video Converter (HKLM\...\WinAVI Video Converter 10.0_is1) (Version: - ZJ Computing,Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 4.2.5 (HKLM\...\winscp3_is1) (Version: 4.2.5 - Martin Prikryl)
WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden
Xobni (HKLM\...\XobniMain) (Version: - Xobni Corp.)
Xobni Core (Version: 1.0.0 - Xobni, Inc.) Hidden
Yahoo! BrowserPlus 2.7.1 (HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
YouTube Downloader App 1.03 (HKLM\...\YouTube Downloader App) (Version: 1.03 - Regensoft)
YouTubeGet 5.2.3 (HKLM\...\YouTubeGet_is1) (Version: - YouTubeGet Developer Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B0-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{80FDF9B1-32FD-457B-8BE7-D367F3854959}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\googleadapter.dll (Google)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Joseph\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll (Yahoo! Inc.)
==================== Restore Points =========================
09-06-2015 01:05:43 Windows Update
10-06-2015 00:48:08 Scheduled Checkpoint
10-06-2015 02:31:08 Windows Update
10-06-2015 21:03:39 avast! Free Antivirus Setup
10-06-2015 21:23:39 avast! Free Antivirus Setup
11-06-2015 02:31:36 Windows Update
11-06-2015 20:47:19 Scheduled Checkpoint
12-06-2015 01:00:46 Windows Update
13-06-2015 00:00:06 Scheduled Checkpoint
13-06-2015 01:01:10 Windows Update
14-06-2015 00:14:07 Scheduled Checkpoint
14-06-2015 01:01:27 Windows Update
10-07-2015 00:42:34 Windows Update
11-07-2015 01:33:09 Windows Update
12-07-2015 00:16:42 Tweaking.com - Windows Repair
12-07-2015 00:56:59 Windows Update
13-07-2015 12:49:08 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-11-16 19:09 - 2015-07-12 00:41 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1A7D0543-A752-4AD2-802E-EA67FD04196A} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {21B568B7-DA01-4BB8-B802-7B6DC534B772} - \EPUpdater No Task File <==== ATTENTION
Task: {31BA1638-3905-431A-B39E-9F574005DD9D} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
Task: {33E1ABFC-4A6C-41DC-8332-0B3E70A3EFCE} - System32\Tasks\{F149BD0B-3DD3-4EDB-B4A5-3ECB3FF1DE20} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {34BFB3AC-3555-4E26-A7E5-7F7BD14C82A7} - \Driver Booster Update No Task File <==== ATTENTION
Task: {4413C5A7-8FC0-4C94-B452-AFFA060CEBCB} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe [2015-05-12] ()
Task: {4B2C630E-74E9-4C07-B649-AEBA7C0AF13A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {4BBF6D93-FAFF-4F48-8C64-C0C17A9A61B8} - System32\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015} => C:\Users\Joseph\AppData\Local\Temp\Pwl.exe <==== ATTENTION
Task: {4E53DF43-FD8E-42AF-874C-442230F27EC4} - System32\Tasks\{ED984665-93F3-4D2C-AB43-961AE08A5F8D} => pcalua.exe -a "C:\Program Files\SpywareGuard\unins000.exe"
Task: {60194C52-AACD-4936-9705-A4276108BAB6} - System32\Tasks\{00C9D597-DD76-4D5F-B07A-44569CFDC9CE} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {652595CA-2796-45B2-97C5-1C9C127C24AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-26] (Google Inc.)
Task: {85A9730D-D148-4D4B-8B72-5EA1CC420E14} - System32\Tasks\Test TimeTrigger => C:\Users\Joseph\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {94C487AC-D86C-41E6-9EFA-30005ADBD87C} - \PC Optimizer Pro startups No Task File <==== ATTENTION
Task: {9ED3C95C-BCB8-4C7D-8D3C-482F26049DD8} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BC8433A0-0791-4ECD-9445-A2666E0D8780} - System32\Tasks\ASC8_SkipUac_Joseph => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)
Task: {C0D0C629-F3A1-4606-B022-1EBCD5859A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C237D933-687A-4EF6-B5EF-917120F9A23F} - System32\Tasks\task34608275 => C:\Users\Joseph\AppData\Local\Temp\ozuvbvgiula.exe <==== ATTENTION
Task: {C314673B-BB0D-4B7A-BE41-C3B3BB8B5B30} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {C34F95B7-65A0-4019-8254-2D46D8047BDD} - \Driver Booster SkipUAC (Joseph) No Task File <==== ATTENTION
Task: {C4B9A509-CC34-4FAA-AFD3-7125C97F596C} - System32\Tasks\{606519EC-1B91-4A4A-891F-A3BED96803D3} => pcalua.exe -a "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" -c /u:PokerStars.net
Task: {C6229C54-4043-4B70-8EF8-9580EB1DB86F} - System32\Tasks\SmartDefrag4_Update => C:\Program Files\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {D21B6FE0-D20C-49BE-A33D-57AE4FB0AF1F} - System32\Tasks\Microsoft\Office Genuine Advantage\OGALogon => C:\Windows\system32\OGAExec.exe [2009-08-03] ()
Task: {DC75239F-AA37-4F74-9B3E-926E43D59010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-13] (Adobe Systems Incorporated)
Task: {E142EBBB-C5CD-408C-8607-47A6DF179DC9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {E148B685-8D01-4E3C-977A-818753DBF65B} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2006-12-05] (Microsoft Corporation)
Task: {E8458C5B-2A2F-4299-A01E-5E99157588D8} - System32\Tasks\task310613 => C:\Users\Joseph\AppData\Local\Temp\txgxvyqvqwh.exe <==== ATTENTION
Task: {E9B271DD-ED82-4CAF-A49A-61734B52F895} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe [2014-12-15] ()
Task: {F10092C8-C001-4A46-A89B-D5895CE77229} - \Uninstaller_SkipUac_Joseph No Task File <==== ATTENTION
Task: {F432B34D-4D54-4C74-BB3D-0659F374FAFD} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2006-12-05] (Microsoft Corporation)
Task: {FC118D82-15ED-445E-A182-B3376E34F5E7} - \Driver Booster Scan No Task File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{9681F8A7-D422-4F25-B910-F1A75217759D}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{7EEFCDCC-47B9-4AF2-AB07-213795E46208}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{59C1AD01-8864-4B26-B305-1454909FD816}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (Whitelisted) ==============
2008-11-20 15:13 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-05-15 01:43 - 2010-04-29 11:30 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57436731.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57436731.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\motive.com -> hxxps://patttbc.att.motive.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008i.com=CoolWebSearch -> 008i.com=CoolWebSearch
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\008k.com=CoolWebSearch -> 008k.com=CoolWebSearch
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\00hq.com=CoolWebSearch -> 00hq.com=CoolWebSearch
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0190-dialers.com=0190 Dialers -> 0190-dialers.com=0190 Dialers
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0calories.net=CoolWebSearch -> 0calories.net=CoolWebSearch
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
There are 6352 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2013592473-1583479073-1329353095-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
HKU\S-1-5-21-2013592473-1583479073-1329353095-1006\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\eedf631b-4376-4fc5-9057-1c6c8142bceb.exe /check
MSCONFIG\startupreg: 2Wire Wireless Manager => "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
MSCONFIG\startupreg: AllShareAgent =>
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: ATT-SST_McciTrayApp => "C:\Program Files\ATT-SST\McciTrayApp.exe"
MSCONFIG\startupreg: avast! => C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ISW.exe => "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0x1460, application start time 0xavgui.exe0.
Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xbec, application start time 0xavgui.exe0.
Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4353, time stamp 0x5329fb58, faulting module avgntopensslx.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000142, fault offset 0x00009eed,
process id 0xbc0, application start time 0xavgui.exe0.
Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
System errors:
=============
Error: (07/13/2015 01:22:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
Error: (07/13/2015 01:12:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Modules Installer%%1056
Error: (07/13/2015 01:11:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Media Player Network Sharing Service%%1056
Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service
Error: (07/13/2015 01:10:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NVIDIA Update Service Daemon1
Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant1100001Restart the service
Error: (07/13/2015 01:10:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Yahoo! Updater1
Error: (07/13/2015 01:10:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service
Error: (07/13/2015 01:10:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: XobniService1
Error: (07/13/2015 01:10:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: vToolbarUpdater18.5.01
Microsoft Office:
=========================
Error: (07/13/2015 01:03:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eed146001d0bda6ec038367
Error: (07/13/2015 12:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbec01d0bda4b3867677
Error: (07/13/2015 12:47:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/13/2015 12:10:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/12/2015 11:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgui.exe14.0.0.43535329fb58avgntopensslx.dll6.0.6002.1800549e03821c000014200009eedbc001d0bd383bd3bba7
Error: (07/12/2015 11:51:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (07/12/2015 11:50:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Error: (07/12/2015 02:12:37 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/12/2015 02:12:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
CodeIntegrity Errors:
===================================
Date: 2015-07-13 13:36:09.080
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:08.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:08.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:08.501
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:08.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:07.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:07.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-07-13 13:36:07.671
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 15:03:43.307
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-06-07 15:03:43.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 2045.21 MB
Available physical RAM: 775.31 MB
Total Virtual: 4339.39 MB
Available Virtual: 2344.28 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:204.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
==================== End of log ============================